WikiLeaks describes Hive as a “back-end infrastructure malware with a public-facing HTTPS interface,” used to transfer information from machines targeted by the CIA and to allow commands to be communicated in order to execute specific tasks on those machines.

View image on Twitter

Follow

WikiLeaks

✔@wikileaks

RELEASE: Inside the top secret CIA virus control system HIVE https://wikileaks.org/vault7/?hive#Hive …

5:58 PM – 14 Apr 2017

• 390390 Retweets

• 297297 likes

To hide the presence of such malware, WikiLeaks notes that the public HTTPS interface (a protocol for secure communication over a computer network within an encrypted connection) “utilizes unsuspicious-looking cover domains,” meaning those targeted would be unaware of the CIA’s interference.

WikiLeaks notes anti-virus companies and forensic experts have noticed “possible state-actor” malware using similar back-end infrastructure, but were unable to connect the back-end to CIA operations.

READ MORE: WikiLeaks ‘hostile intel,’ Assange & his followers ‘demons’: CIA chief goes ballistic

The Hive documents released Friday may allow experts to examine this kind of communication between malware implants and backend servers, WikiLeaks says.

The CIA’s Hive project was created by its Embedded Development Branch (EDB). This branch was also responsible for projects detailed in WikiLeaks’ ‘Dark Matter’ leak, revealing the CIA’s attacks on Apple firmware.

A 2015 User Guide reveals the initial release of Hive was in 2010, and describes the software implant as having two primary functions – a beacon and interactive shell. Both are designed to provide an initial foothold to deploy other “full featured tools.”