ThaiCERT    ETDA    MDES
Report
Search
Home > List all groups > [Vault 7/8]

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: [Vault 7/8]

Names[Vault 7/8] (?)
CountryUSA USA
MotivationFinancial gain
First seen2017
DescriptionAn unnamed source leaked almost 10,000 documents describing a large number of 0-day vulnerabilities, methodologies and tools that had been collected by the CIA's Subgroup: Longhorn, The Lamberts. This leaking was done through WikiLeaks, since March 2017. In weekly publications, the dumps were said to come from Vault 7 and later Vault 8, until his arrest in 2018.

Most of the published vulnerabilities have since been fixed by the respective vendors, but many have been used by other threat actors.

This actor turned out to be a former CIA software engineer.

(WikiLeaks) Today, Tuesday 7 March 2017, WikiLeaks begins its new series of leaks on the U.S. Central Intelligence Agency. Code-named “Vault 7” by WikiLeaks, it is the largest ever publication of confidential documents on the agency.

The first full part of the series, “Year Zero”, comprises 8,761 documents and files from an isolated, high-security network situated inside the CIA’s Center for Cyber Intelligence in Langley, Virgina. It follows an introductory disclosure last month of CIA targeting French political parties and candidates in the lead up to the 2012 presidential election.

Recently, the CIA lost control of the majority of its hacking arsenal including malware, viruses, Trojans, weaponized “zero day” exploits, malware remote control systems and associated documentation. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.

“Year Zero” introduces the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of “zero day” weaponized exploits against a wide range of U.S. and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs, which are turned into covert microphones.
Observed
Tools used
Counter operationsJun 2018Joshua Adam Schulte Charged with the Unauthorized Disclosure of Classified Information and Other Offenses Relating to the Theft of Classified Material from the Central Intelligence Agency
<https://www.justice.gov/opa/pr/joshua-adam-schulte-charged-unauthorized-disclosure-classified-information-and-other-offenses>
Mar 2020Vault 7 court case ends in mistrial on most serious charges
<https://www.cyberscoop.com/vault-7-mistrial-cia-joshua-schulte/>
Information<https://wikileaks.org/ciav7p1/>
<https://www.nytimes.com/2020/06/16/us/politics/cia-vault-7-hacking-breach.html>
<https://www.wyden.senate.gov/imo/media/doc/wyden-cybersecurity-lapses-letter-to-dni.pdf>

Last change to this card: 17 July 2020

Download this actor card in PDF or JSON format

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key