WikiLeaks has posted its latest release from the Vault 7 series of CIA-related leaks that exposes a tool dubbed “Athena”, which acts as a beacon on compromised Windows-based systems and gives the agency remote loader capabilities as well.
Athena and its associated tools function on all versions of Windows from XP through Windows 10. A secondary implementation named “Hera”, which offers all of the same capabilities, exists for Windows 8 and newer systems because of some underlying changes Microsoft made to the OSes. All told, Athena / Hera provides a beaconing capability with remote configuration and task handling. The tools also provide memory loading / unloading of NOD Persistence Specification DLLs on the target system, and allow for delivery and retrieval of files to and from a specified directory. The operator of the tools can configure settings at runtime on the compromised system and remain undetected.
Athena/Hera was co-developed by the U.S. Central Intelligence Agency and a company called Siege Technologies, which has offices in Boston, DC, and upstate NY. According to the about page on its corporate website, Siege Technologies “is focused exclusively on offensive and defensive cyber security technologies” and was created “to provide world-class technical solutions to organizations looking to protect or analyze wireless systems and computer systems and their associated infrastructure.”
WikiLeaks has posted an array of Athena/Hera-related documents. In addition to a complete User Guide (which was created in 2015), a technology overview is available, along with design and demo documents, and a simple overview of the design / engine.