Linux malware: Leak exposes CIA’s OutlawCountry hacking toolkit

Jonathan Mathews


WikiLeaks’ latest Vault7 release of leaked CIA documents detailing its hacking tools reveals malware called OutlawCountry that targets Linux systems.

OutlawCountry is described in documents dated June 4, 2015 as a kernel module for Linux 2.6 that allows CIA operators to redirect outbound traffic to a server they control by creating a hidden netfilter (iptables) table. Netfilter is the packet-filtering framework within the Linux kernel’s networking stack.

OutlawCountry creates a hidden netfilter table with an “obscure name”, which the operator can use to create new rules that override existing netfilter rules. The new rules can only be seen by an admin if the table name is known, which, according to the documents, is ‘dpxvke8h18’.
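One defensive check this suggests: compare the netfilter table names the kernel reports against the standard set and flag anything else. The script below is an added example, not code from the leaked documents or from this article; it assumes a stock kernel that lists registered ip_tables tables in /proc/net/ip_tables_names, and that the hidden table is registered through the normal ip_tables path so its name appears there. The sample input is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: flag netfilter tables whose names are not among the
# standard ones. Assumes /proc/net/ip_tables_names lists registered
# tables one per line (true on stock kernels with ip_tables loaded).

# Table names a normal host is expected to have.
KNOWN_TABLES="filter nat mangle raw security"

# list_unexpected_tables FILE
# Prints each table name in FILE that is not in KNOWN_TABLES.
list_unexpected_tables() {
    file="$1"
    [ -r "$file" ] || return 0
    # The "|| [ -n ... ]" clause keeps a last line without newline.
    while IFS= read -r name || [ -n "$name" ]; do
        [ -n "$name" ] || continue
        found=0
        for k in $KNOWN_TABLES; do
            if [ "$name" = "$k" ]; then
                found=1
                break
            fi
        done
        if [ "$found" -eq 0 ]; then
            printf '%s\n' "$name"
        fi
    done < "$file"
}

# check_host
# Runs the check against the live kernel; returns 1 if anything odd exists.
check_host() {
    unexpected=$(list_unexpected_tables /proc/net/ip_tables_names)
    if [ -n "$unexpected" ]; then
        echo "Unexpected netfilter table(s):"
        echo "$unexpected"
        return 1
    fi
    echo "Only standard netfilter tables present."
    return 0
}

# demo: constructed sample mixing standard tables with the name from the
# documents, to show what the check reports. Not live host data.
demo() {
    sample=$(mktemp)
    printf 'filter\nnat\ndpxvke8h18\nmangle\n' > "$sample"
    list_unexpected_tables "$sample"
    rm -f "$sample"
}
```

Running `demo` prints only `dpxvke8h18`; a flagged name can then be inspected with `iptables -t <name> -L -n` and traced to the kernel module that registered it.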

