WRALtechwire.com

Red Hat investigating report CIA hacking tool targets its software


Jul 28, 2017, 8:47 AM

The top software product from Raleigh-based Red Hat is the target of a hacking tool developed by the CIA, according to documents published by WikiLeaks.

Red Hat Enterprise Linux is one of the world's most popular software platforms used by global financial firms, and services related to RHEL are among Red Hat's most profitable revenue streams. Red Hat is the world's best-known developer of Open Source Linux software.

"Red Hat is aware of the information around the Aeris tool, which was part of the document dump recently published by Wikileaks, and we are investigating the reports," a spokesperson for Red Hat told WRAL TechWire.

"We will keep customers updated and provide additional information as appropriate via the Red Hat Knowledgebase."

WikiLeaks says Red Hat's RHEL was targeted under a CIA program called "Imperial."

National Security Agency-born hacking programs were utilized in two major global ransomware attacks, according to researchers.

The program taking aim at RHEL is called Aeris, perhaps named after a character in the Final Fantasy VII game. And it appears to be quite dangerous. (An image of Aeris from the game is included with the "users guide" WikiLeaks published.)

"The malware includes features for data exfiltration and can be used to build customized attacks," says tech news site Inquirer.

Led by Julian Assange, WikiLeaks did not identify the source of the latest document dump.

"RELEASE: CIA 'Aeris' implant targeting Debian, Red Hat, Solaris, FreeBSD and Centos users," WikiLeaks declared in a tweet on Thursday.

This is the second reported targeting of Red Hat by the CIA. The CIA's "OutlawCountry" was disclosed by WikiLeaks on June 30.

The targets

The software targets two versions of Red Hat Enterprise Linux.

Red Hat calls RHEL "the leading open source platform for modern datacenters" and says it "delivers military-grade security, 99.999% uptime, support for business-critical workloads, and so much more. Ultimately, the platform helps you reallocate resources from maintaining the status quo to tackling new challenges. It's just 1 reason why more than 90% of Fortune Global 500 companies use Red Hat products and solutions."

According to WikiLeaks, Aeris is an "automated implant" that "supports automated file exfiltration."

Written in the C programming language, Aeris also targets other software: Debian, Solaris, FreeBSD and CentOS.

WikiLeaks adds that Aeris is "similar" to "implants" also used to penetrate Windows systems.

WRAL TechWire has reached out to Red Hat for reaction.

The full explanation

Here's the description of Aeris as published by WikiLeaks:

"Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, RHEL, Solaris, FreeBSD, CentOS). It supports automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support - all with TLS encrypted communications with mutual authentication. It is compatible with the NOD Cryptographic Specification and provides structured command and control that is similar to that used by several Windows implants."

Other hacking tools

Aeris is one of three tools unveiled by WikiLeaks in its latest expose, including one that penetrates Apple Mac operating systems.

The other two tools are called "Achilles" and "SeaPea."

"Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution," WikiLeaks says.

"SeaPea is an OS X Rootkit that provides stealth and tool launching capabilities. It hides files/directories, socket connections and/or processes. It runs on Mac OSX 10.6 and 10.7."
