Every Friday, WikiLeaks has established a tradition of leaking new documents in the Vault 7 series — which details some of the CIA's hacking tools. Today, the organization leaked documentation about a tool called Athena.

According to leaked documents, which WikiLeaks previously claimed it received from hackers and CIA insiders, Athena is an implant — a CIA technical term for "malware" — that can target and infect any Windows system, from Windows XP to Windows 10, Microsoft's latest OS version.

Documents leaked today are dated between September 2015 and February 2016, showing that the CIA had the ability to hack Windows 10 months after its launch, despite Microsoft boasting about how hard it would be to hack its new OS.

Athena included support for fileless execution

At the technical level, despite using custom terms to describe its modus operandi, Athena isn't that special when compared to other malware developed for cyber-espionage operations.

According to documents, a CIA operative has a builder at his disposal with plenty of options to generate an Athena malware payload. This payload can be specifically assembled to work with an online C&C server, offline, or in a RAM-only mode (also known as diskless/fileless mode).

For installing Athena, operatives had different methods available that ranged from classic delivery methods to supply chain compromise, and even via an in-the-field operative, if necessary.

Once on a target's PC, Athena would communicate with a C&C server from where it would receive instructions or additional payloads it would need to install on its victim's computer. This is a classic architecture we find in most malware today.

Athena modus operandi

Leaked files reveal that Athena was designed to be used with another system called Hera, on which there isn't any additional information available at the moment.

CIA co-developed Athena with US cyber-security company

What's more interesting is that documents reveal the CIA had helped from a non-government contractor in developing the malware.

The company is Siege Technologies, a cyber-security company based in New Hampshire, which was acquired on November 15, 2016, by Nehemiah Security, another US company, based in Tysons, Virginia, on the outskirts of Washington and near CIA's headquarters, in a zone peppered with various military and defense contractors.

In 2014, Blomberg ran a feature on Siege Technologies and Jason Syversen, the company's founder. In the article, Syversen said his company was working on creating a system that would tell US officials if a cyber-weapon was successful or not, the equivalent of a "kill metric" for classic weapons.

You can follow the rest of our WikiLeaks Vault 7 coverage here. Below is a list of the most notable WikiLeaks "Vault 7" dumps:

Weeping Angel - tool to hack Samsung smart TVs
Fine Dining - a collection of fake, malware-laced apps
Grasshopper - a builder for Windows malware
DarkSeaSkies - tools for hacking iPhones and Macs
Scribble - beaconing system for Office documents
Archimedes - a tool for performing MitM attacks
AfterMidnight and Assassin - malware frameworks for Windows

Related Articles:

Senators Demand Voting Machine Vendor Explain Why It Dismisses Researchers Prodding Its Devices

Ad Clicker Hiding as Google Photos App Found in Microsoft Store

Cheap Android Phones and Poor Quality Control Leads to Malware Surprise

Erratic Windows 10 Bug Breaks Changing of Default File Associations

Microsoft Bug is Deactivating Windows 10 Pro Licenses and Downgrading to Home