CIA learned hacking techniques from cybercriminals

20 July 2017, 13:50 | Technologies

On July 19, the WikiLeaks portal published another batch of secret CIA documents as part of the Vault 7 project. This release contains data on a CIA contractor specializing in analyzing the complex malware and techniques used by cybercriminals.

According to the leaked documents, from November 2014 to September 2015, Raytheon Blackbird Technologies provided the CIA with at least five progress reports on the UMBRAGE Component Library (UCL) project. The reports outline the attack methods and vectors developed by cybercriminals and by researchers. CIA specialists probably used this information to develop their own malicious software.

In the first report, Raytheon Blackbird Technologies describes the remote access tool HTTPBrowser, developed around 2015. The malicious program is designed to capture keystrokes and was used by the Chinese cybercrime group Emissary Panda.

The second report deals with the remote access tool NfLog, also known as IsSpace, from the arsenal of the Chinese cybercrime group Samurai Panda. The malware is equipped with an exploit for the CVE-2015-5122 vulnerability in Adobe Flash and is able to bypass User Account Control.

The third report focuses on the highly complex malware Regin, used since 2013, mainly for stealing data. The malware is a modular espionage tool that surpasses the Stuxnet and Duqu cyberweapons in its capabilities. The US National Security Agency is presumably behind the development of Regin.

In the fourth report, experts discuss HammerToss, malicious software developed on the orders of Russian special services. The malware was created in 2014 and discovered in early 2015. The C&C infrastructure of HammerToss uses Twitter and GitHub accounts, as well as hacked sites and cloud storage.

The fifth report is devoted to Gamker. The Trojan uses simple encryption, loads a copy of itself onto the system under a random file name, and embeds itself in various processes.



