The CIA targets Windows users via a framework called Grasshopper that it uses to customize and execute malware, according to 27 documents published by WikiLeaks in the latest installment of its Vault7 leaks.
The WikiLeaks Grasshopper release includes a set of user guides that are not unlike those issued by commercial software developers. The documents are not the tools themselves, but they provide a solid overview of how the tools function and what potential targets might want to look for when determining whether their own systems have been subjected to a CIA attack.
Grasshopper includes a variety of tools and techniques for a wide range of hacking functions, including methods for evading antivirus software. The WikiLeaks release also highlights a few of the organizations that use tools like Grasshopper, such as the Advanced Engineering Division (AED) that develops the CIA’s implant code and the Remote Development Branch (RDB) that develops remote implants.