Following the release of Vault 7, WikiLeaks continues its series of publications on the CIA's alleged cyber-espionage program under the name Vault 8.
In its first release, the new WikiLeaks leak series reveals the source code and development logs of Project Hive. Hive is built around an advanced command-and-control server that communicates with malware to send commands, execute specific tasks on target systems, and receive the information exfiltrated from those computers.
Hive is a multi-user system that provides covert communications for CIA operators. The malware communicates directly with a cover website running on a commercial Virtual Private Server (VPS), which looks harmless when opened in a web browser. In the background, however, the malware can talk to that web server, which then forwards the malware-related traffic over a secure VPN connection to a secondary, "hidden" CIA server called Blot. To avoid detection by network administrators, the CIA would use fake digital certificates posing as Kaspersky.