A trove of documents published by WikiLeaks Thursday purports to show the CIA developed a toolkit that allowed it to gain access to an air-gapped or offline network through the use of a malware-infected USB drive.

WikiLeaks said the documents show how the CIA is able to infiltrate an otherwise closed-off network and gain access to information without requiring direct access. The tool that allows for such an attack is known as Brutal Kangaroo.

Read: Government Spying: WikiLeaks 'Cherry Blossom' Documents Reveal CIA Hacks Wi-Fi Routers

Within the Brutal Kangaroo release are a number of other tools developed by the CIA that allow the agency to gain access to offline networks — the primary of which is Drifting Deadline, which allows CIA operatives to generate the malware used to infect the air-gapped machines.

The complex attack requires loading the malware generated from Drifting Deadline onto a flash drive, which then must be inserted into the “primary host” computer — an internet-connected machine operating within the target’s network.

Once the malware has been installed on the primary host, the malicious code is then spread to any USB drive connected to that machine. If a user plugs a flash drive into the infected host, that flash drive becomes infected by the malware.

If that USB drive infected by the machine the CIA compromised is inserted into another computer, including one that is part of an air-gapped network, that machine is subjected to the malware and could grant the CIA access to computers that would otherwise be operating offline.

Read: WikiLeaks Vault 7 Marble: Latest Leaks Show CIA Ability To Hide Origins Of Attack

While getting the malware to the air-gapped network requires a fair amount of luck — and less than ideal safety protocols from the target — the attack is believed to be very efficient if executed correctly.

The attack relies on malformed Windows LNK (shortcut) files that automatically execute their malicious payload whenever viewed in Windows Explorer. If more than one computer on the closed network is under CIA control, they create a covert network within the air-gapped network to coordinate attacks and exchange data.

The method used by Brutal Kangaroo once it reaches the air-gapped network is similar to the Stuxnet attack used to target Iran’s nuclear program.

There are two primary exploits the CIA used — one of which could affect machines running Windows XP, 7, 8 and 8.1. Another of the CIA’s exploits, according to the documents, was patched on every version of Microsoft’s operating system except Windows XP.

A Microsoft spokesperson told International Business Times, "Our investigation confirmed that customers on supported versions of Windows are not impacted. For the best defense against modern security threats, we recommend Windows 10, which is updated automatically by default."

The release is the latest from WikiLeaks as part of its Vault 7 series, which has focused on releasing leaked documents from the CIA detailing the government agency’s technical capabilities.

Previous leaks have shown the intelligence group’s ability to compromise Apple devices, Windows machines, launch malware attacks, obfuscate the origins of an attack to hide its tracks and compromise Wi-Fi routers to track a target’s activity online.

RELATED STORIES
Security Security Cybercrime Wikileaks