Today WikiLeaks has published batch number 15 of its ongoing Vault 7 leak, this time the leak details two alleged CIA implants which has allowed the agency to not only intercept but also exfiltrate SSH (Secure Shell) credentials from targeted Windows and Linux operating systems using different attack vectors.

Secure Shell (SSH) is a cryptographic network protocol which is used for remote login to machines and servers securely over an unsecured network.

The Windows version was Dubbed BothanSpy and the Linux version dubbed Gyrfalcon. BothanSpy is installed as a Shellterm 3.x extension on the target machine and only works if Xshell is running on it with active sessions. Gyrfalcon targets Linux systems (32 or 64-bit kernel) using a CIA-developed JQC/KitV rootkit for persistent access.

Original source: The Hacker News