
On June 22, 2017, WikiLeaks revealed that the CIA used "Brutal Kangaroo" to infiltrate closed networks
On June 22, 2017 (May 28, 2017 in the lunar calendar), WikiLeaks announced that the CIA weapon "Brutal Kangaroo" can access arbitrary closed networks. On June 22, 2017, US time, WikiLeaks released the twelfth batch of documents in its CIA Vault 7 series, covering the "Brutal Kangaroo" and "Emotional Simian" projects. The documents detail how U.S. intelligence agencies remotely and covertly compromised closed computer networks and isolated, air-gapped devices (devices that have never been connected to the Internet). The tools from both projects target only the Microsoft Windows operating system.

Brutal Kangaroo

According to information released by WikiLeaks, "Brutal Kangaroo" is a tool suite for Microsoft Windows that targets closed networks by using USB thumb drives to cross the air gap. The Brutal Kangaroo components create a customized covert network within the target closed network and provide features such as running surveys, listing directories, and executing arbitrary files.

Financial institutions, military and intelligence agencies, and the nuclear power industry commonly use closed networks to protect important digital assets. The documents describe how the CIA was able to penetrate closed networks (or individual air-gapped computers) within an organization or enterprise without direct access. First, an Internet-connected computer inside the target organization (the "primary host") is infected and the Brutal Kangaroo malware is installed on it. When a user inserts a USB drive or flash drive into the primary host, the drive itself is infected with a separate piece of malware.

If this drive is used to copy data between the closed network and a LAN (local area network) or WAN (wide area network), sooner or later a user will insert it into a computer on the closed network, and the malware will jump like a kangaroo to infect other devices there. Browsing the USB drive with Windows Explorer on such a protected computer also infects that computer with exfiltration/survey malware. If multiple computers in a closed network are under CIA control, they form a covert network to coordinate tasks and exchange data. Returning the stolen data to the CIA again depends on someone connecting a USB drive used on a closed-network computer to an online device.

Although the leaked documents do not state it explicitly, this method of compromising closed networks is very similar to the way the world's first highly destructive cyber weapon, Stuxnet, works (see the Stuxnet documentary "Zero Days", 2016). The CIA allegedly began developing the Brutal Kangaroo program in 2012, two years after the Stuxnet incident in Iran.

The main components of the Brutal Kangaroo project:

- DriftingDeadline: a malicious tool used to infect USB drives or flash drives.
- ShatteredAssurance: a server tool that handles automatic infection of USB drives or flash drives (the main means of propagation for the Brutal Kangaroo suite).
- BrokenPromise: the Brutal Kangaroo post-processor (used to evaluate collected information).
- Shadow: the main persistence mechanism (a stage 2 tool that is distributed across a closed network and acts as a covert command-and-control network; once multiple Shadow instances are installed and share drives, tasks and payloads can be sent back and forth).

The main execution vector used by infected USB devices is a vulnerability in the Microsoft Windows operating system that can be exploited through a specially crafted link file that loads and executes programs (DLLs) without user interaction. Older versions of the toolkit use a mechanism called EZCheese, which was a zero-day exploit until March 2015 (CVE-2015-0096). Newer versions appear to use a similar but unknown link-file vulnerability related to the Windows library description file type, library-ms.

The Emotional Simian project

"Emotional Simian" is a virus program. WikiLeaks released a total of 11 documents, which are marked as not to be declassified until at least 2035. The document released by WikiLeaks is dated February 2016, indicating that the program may have been used by the CIA last year.

CIA tools disclosed by WikiLeaks since March

The following CIA tools have been disclosed and released by WikiLeaks since March, as compiled by E-Security:

- BrutalKangaroo ("Brutal Kangaroo"): attacks air-gapped devices and closed networks.
- EmotionalSimian ("Emotional Simian"): a virus that targets air-gapped devices.
- CherryBlossom ("Cherry Blossom"): a framework that attacks wireless devices.
- Pandemic: converts file servers into sources of malware infection.
- Athena: malicious spyware that threatens all versions of Windows.
- AfterMidnight ("After Midnight"): a malware framework for the Windows platform.
- Archimedes: a man-in-the-middle attack tool.
- Scribbles: a CIA program that tracks suspected whistleblowers.
- Weeping Angel: turns smart TV microphones into surveillance tools.
- Hive: a multi-platform implant and command-and-control management tool.
- Grasshopper: a highly configurable tool for building remote Trojan implants for Windows systems.
- MarbleFramework ("Marble Framework"): used to obfuscate the code of hacking tools and hinder attribution, investigation and evidence collection.
- DarkMatter ("Dark Matter"): CIA techniques and tools for compromising Apple Mac and iOS devices.
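For defenders handling drives that cross into a closed network, the link-file execution vector described above suggests inventorying every shortcut and library-ms file on removable media before the drive is browsed on a protected machine. The following is an added example, not code from WikiLeaks or the original article: it identifies Shell Link files by their header rather than by extension and lists them for manual triage. The function names and the sample files are assumptions constructed for illustration, and a hit is an inventory item, not a verdict.

```python
import os
import struct
import tempfile

# Shell Link header start: HeaderSize 0x4C, then the fixed LinkCLSID.
LNK_MAGIC = struct.pack("<I", 0x4C) + bytes.fromhex("0114020000000000c000000000000046")
HAS_ICON_LOCATION = 0x40  # LinkFlags bit 6, reported for triage only


def classify(path):
    """Identify link-type files by content, not by extension alone."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    ext = os.path.splitext(path)[1].lower()
    if len(head) >= 76 and head.startswith(LNK_MAGIC):
        flags = struct.unpack_from("<I", head, 20)[0]
        return {"kind": "lnk", "icon_location": bool(flags & HAS_ICON_LOCATION),
                "ext_mismatch": ext != ".lnk"}
    # library-ms files are XML with a libraryDescription root element
    if ext == ".library-ms" or b"<libraryDescription" in head:
        return {"kind": "library-ms", "icon_location": False,
                "ext_mismatch": ext != ".library-ms"}
    return None


def scan_drive(root):
    """Walk a mounted removable drive and list every link-type file on it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            try:
                hit = classify(full)
            except OSError:
                continue  # unreadable file: skip it and keep scanning
            if hit:
                hit["path"] = os.path.relpath(full, root)
                findings.append(hit)
    return findings


def demo():
    """Scan a constructed sample tree (benign placeholder files only)."""
    with tempfile.TemporaryDirectory() as root:
        lnk = LNK_MAGIC + struct.pack("<I", HAS_ICON_LOCATION) + bytes(52)
        samples = {"notes.txt": b"plain text", "docs.lnk": lnk, "photo.jpg": lnk,
                   "share.library-ms": b"<?xml version='1.0'?><libraryDescription/>"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan_drive(root)
```

Run `scan_drive` against the mount point from a non-Windows inspection host, so that no Windows shell parses the drive's contents during the check.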


News raw data sources → https://www.abtool.cn/today_detail/1m5k.html

17WorldNews [2025.09.27-14:09]
Copyright © 17ljfl.com · World News