The Wikileaks Vault 7 Leak – What We Know So Far
March 08, 2017
On March 7th, 2017, Wikileaks made public a set of documents that is being referred to as the “Vault 7 leak”. The set contains a large collection of documents purported to belong to the United States Central Intelligence Agency (CIA) Center for Cyber Intelligence. According to Wikileaks, this disclosure is the first one – and additional disclosures will be coming in the near future.
At the time of the initial release, Wikileaks has not released any of the tools or exploits associated with the disclosure. Quoting from the Wikileaks Vault 7 release announcement:
Since none of the tools and malware referenced in the initial Vault 7 disclosure have been made available by Wikileaks, the scope of action that can be taken by Cisco is limited. An ongoing investigation and focused analysis of the areas of code that are alluded to in the disclosure is underway. Until more information is available, there is little Cisco can do at this time from a vulnerability handling perspective.
What we can do, have been doing, and will continue to do is to actively analyze the documents that were already disclosed. Based on our preliminary analysis of the disclosed documents:
As mentioned above, no actual binaries or technical details of any malware have been released at this time, which limits the analysis to the test results/quality assurance testing logs from the disclosure. Cisco Product Security Incident Response Team (PSIRT) assumes that the associated malware will eventually be released by Wikileaks – at that time, Cisco PSIRT will proceed to analyze it and determine if the malware tries to exploit any vulnerability on a Cisco product or service. If that were to be the case, then we would make sure it is fixed and our customers are appropriately notified, by following our established security vulnerability policy.