On Nov. 6, 2008, the C.I.A. internally published SeaPea v2.0 – User Guide for exploiting Apple Mac OSX 10.4.X through 10.5.X. Whistleblower Source: WikiLeaks Vault 7 DARK MATTER Released in 2017. SeaPea hijacks Apple Macintosh computers undetectably, below the operating system, so that it continues to operate even when the infected target computer is rebooted. SeaPea even includes a stealth feature that deletes itself if it is “unable to hide” its files, directors, connections and running programs.
The July 2017 WikiLeaks’ release of their CIA Vault 7 series details a number of advanced hacking tools that fall under the title of “Project Imperial.” The programs “Achilles” and “SeaPea” both target MacOS while the “Aeris” program targets Linux based systems. The WikiLeaks release page states that CIA agents can use Achilles to, “Trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution.”
SeaPea however, acts as a MacOS rootkit, infiltrating OSX systems once they’re rebooted. WikiLeaks states that SeaPea, “provides stealth and tool-launching capabilities,” allowing CIA agents to infiltrate and control targets computers without their knowledge. The Linux Aeris program is a malware that attacks Linux distributions such as Debian, CentOS, Red Hat, FreeBSD and Solaris Unix. The Linux malware includes data transferring capabilities and can commit custom attacks.
Discussing the Aeris program WikiLeaks states, “Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, Red Hat, Solaris, FreeBSD, [and] CentOS]),” the release page continues to state, “It supports automated file exfiltration, configurable beacon interval and jitter, standalone Collide-based HTTPS LP support and SMTP protocol support – all with TLS encrypted communications with mutual authentication. It is compatible with the NOD cryptographic specification and provides structured command and control that is similar to that used by several Windows implants.”
