WikiLeaks Releases CIA Windows Malware Frameworks Dubbed “AfterMidnight” and “Assassin”

WikiLeaks releases new CIA documents, AfterMidnight and Assassin, as critical software systems were being attacked globally by ransomware called WannaCry.

WikiLeaks recently released details on two Central Intelligence Agency malware programs for Windows, called AfterMidnight and the Assassin, in the latest installment of its Vault 7 series.

The release came at the same time the WannaCry ransomware was spreading all over the world, hitting Microsoft Windows systems.


The whistleblowing group, WikiLeaks, has already revealed eight batches in its Vault 7 series, including the latest one.

The previous batches include Year Zero, the Weeping Angel, Dark Matter, Marble, Grasshopper and Scribbles, all of which have been revealed periodically since March of this year.

Both programs released by WikiLeaks target Microsoft Windows platforms. They were created to monitor and report on the actions of infected host computers running the Windows OS and to execute malicious actions directed by the CIA.


Earlier this year, WikiLeaks began publishing thousands of documents and hacking tools which have allegedly come from the CIA.

The latest release of malware programs marks the eighth of its kind from the WikiLeaks series.

AfterMidnight enables the operator to execute malware on a targeted system, according to WikiLeaks.

How it Works

The AfterMidnight malware is specific to Microsoft Windows and is capable of executing "Gremlins" and surveying targets, allowing for the exfiltration of data.

Gremlins are small payloads that hide within the machine and subvert software functionality.

AlphaGremlin is a payload that allows the operator to schedule a customized task that has to be executed by the system.

Once the AfterMidnight program is installed, it uses an HTTPS port to check for a scheduled event.

All related local storage is encrypted using a key that’s not present in the target machine, says the user guide included in the leak.

About Assassin

According to the leak, Assassin is similar to AfterMidnight.

It consists of automated implants that provide a collection platform on remote systems running the Microsoft Windows operating system.

The tool allows the operator to carry out a particular task on the targeted system by sending intercepted messages to the listening posts at regular intervals.

It consists of four subsystems: the Implant, the Builder, Command and Control, and the Listening Post.

The Implant offers core logic and functions of the hacking tool on the infected system.

It can be set up accordingly to achieve the targeted results on the computer that is being attacked.

The Builder takes care of arranging the Implant and the Deployment Executables, and the Command and Control subsystem offers an interface between the operator and the Listening Post.

The Listening Post enables the Implant to communicate with the subsystems through web servers.
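
Both tools are described above as contacting a server over HTTPS on a schedule, which is the pattern defenders look for in proxy or firewall logs. The following is an added example, not part of the original article or the leaked material: it flags client/destination pairs whose connection intervals are unusually regular. The log format, host names, and thresholds are constructed assumptions.

```python
"""Flag clock-like HTTPS connection patterns (possible implant check-ins)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: "<ISO time> <client> CONNECT <host:port>"
SAMPLE_LOG = """\
2017-05-15T09:00:02 10.0.0.21 CONNECT cdn-sync.example.net:443
2017-05-15T09:10:01 10.0.0.21 CONNECT cdn-sync.example.net:443
2017-05-15T09:20:03 10.0.0.21 CONNECT cdn-sync.example.net:443
2017-05-15T09:30:02 10.0.0.21 CONNECT cdn-sync.example.net:443
2017-05-15T09:40:01 10.0.0.21 CONNECT cdn-sync.example.net:443
2017-05-15T09:50:03 10.0.0.21 CONNECT cdn-sync.example.net:443
2017-05-15T09:01:10 10.0.0.34 CONNECT news.example.org:443
2017-05-15T09:01:45 10.0.0.34 CONNECT news.example.org:443
2017-05-15T09:07:30 10.0.0.34 CONNECT news.example.org:443
2017-05-15T09:31:12 10.0.0.34 CONNECT news.example.org:443
2017-05-15T09:58:40 10.0.0.34 CONNECT news.example.org:443
this line is malformed and must be ignored
"""

def find_beacons(log, min_events=5, max_cv=0.1):
    """Return [(client, dest, mean_gap_seconds, cv)] for very regular pairs."""
    seen = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "CONNECT":
            continue  # skip malformed or non-tunnel entries
        try:
            seen[(parts[1], parts[3])].append(datetime.fromisoformat(parts[0]))
        except ValueError:
            continue  # unparseable timestamp
    hits = []
    for (client, dest), times in seen.items():
        if len(times) < min_events:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: near 0 means timer-driven, not human-driven.
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            hits.append((client, dest, round(avg, 1), round(cv, 4)))
    return sorted(hits, key=lambda h: h[3])

if __name__ == "__main__":
    for client, dest, avg, cv in find_beacons(SAMPLE_LOG):
        print(f"{client} -> {dest}: every ~{avg}s (cv={cv})")
```

Legitimate software such as update checkers is also timer-driven, and an implant can add jitter to its schedule, so hits from a check like this are leads for triage rather than verdicts.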

CIA Holding Back Vulnerabilities

WannaCry hacked computers in 150 countries globally.

Earlier in May, WikiLeaks released a leak about the MitM (man-in-the-middle) hacking tool, named Archimedes, which was allegedly created by the CIA to target computers within a LAN.

The CIA's practice of holding back such vulnerabilities in systems, rather than revealing them to the affected vendor, recently caused a lot of havoc around the world.

This was due to the WannaCry ransomware, which was responsible for hacking Windows operating systems in around 150 countries globally.

The hacking attacks made use of the SMB flaw held by the National Security Agency.

Microsoft Criticizes U.S. Intelligence Agencies

Brad Smith, the president of Microsoft, has condemned the practices of the U.S. intelligence departments, accusing the NSA and CIA of causing worldwide damage to Windows systems because of the WannaCry ransomware attack.

It happened because these intelligence agencies held onto zero-day security risks.

Smith stated that this is the kind of emerging pattern that is being seen this year.

Vulnerabilities are stored by intelligence agencies and they are revealed by WikiLeaks.

The hacking team had stolen the vulnerability exploited by WannaCry from the NSA, and it has affected thousands of customers and Windows operating systems all over the world.
