The latest WikiLeaks document dump outlines a process supposedly used by CIA agents to install surveillance software that can survive a factory reset. Part of WikiLeaks’ Vault 7 series, today’s leak is called “Dark Matter.”
According to a new report from the Huffington Post, the “Dark Matter” leak is described as containing documentation for several CIA projects designed to target Apple Macs and iPhones. The files show how the CIA gains “persistence” on these devices, it claimed.
The document dump uncovers the so-called ‘Sonic Screwdriver’ project, created and spearheaded by the CIA’s Embedded Development Branch, which – as explained by the CIA themselves – is a “mechanism for executing code on peripheral devices while a Mac laptop or desktop is booting.”
WikiLeaks’ documents also reveal that the CIA is making use of “DarkSeaSkies,” which is “an implant that persists in the EFI firmware of an Apple MacBook Air computer,” along with “‘Triton’ macOS malware, its infector ‘Dark Mallet’ and its EFI-persistent version ‘DerStake.’”
WikiLeaks concludes: “While CIA assets are sometimes used to physically infect systems in the custody of a target it is likely that many CIA physical access attacks have infected the targeted organization’s supply chain including by interdicting mail orders and other shipments (opening, infecting, and resending) leaving the United States or otherwise.”
The leak came just prior to WikiLeaks’ latest press briefing, scheduled to take place on Thursday. The last Vault 7 press conference was cancelled after Julian Assange claimed their streaming services were being attacked.
The press conference comes two weeks after Assange said WikiLeaks will give tech companies exclusive access to leaked information they obtained from the CIA in the first part of “Vault 7”, known as “Zero Days.”