NSA Device – SOUFFLETROUGH

(TS//SI//REL) SOUFFLETROUGH is a BIOS persistence implant for Juniper SSG 500 and SSG 300 firewalls. It persists DNT’s BANANAGLEE software implant. SOUFFLETROUGH also has an advanced persistent back-door capability.
(TS//SI//REL) SOUFFLETROUGH is a BIOS persistence implant for Juniper SSG 500 and SSG 300 series firewalls (320M, 350M, 520, 550, 520M, 550M). It persists DNT’s BANANAGLEE software implant and modifies the Juniper firewall’s operating system (ScreenOS) at boot time. If BANANAGLEE support is not available for the booting operating system, it can install a Persistent Backdoor (PBD) designed to work with BANANAGLEE’s communications structure, so that full access can be reacquired at a later time. It takes advantage of Intel’s System Management Mode for enhanced reliability and covertness. The PDB is also able to beacon home, and is fully configurable.
(TS//SI//REL) A typical SOUFFLETROUGH deployment on a target firewall with an exfiltration path to the Remote Operations Center (ROC) is shown above. SOUFFLETROUGH is remotely upgradeable and is also remotely installable provided BANANAGLEE is already on the firewall of interest.

 

Status: (C//REL) Released. Has been deployed. There are no availability restrictions preventing ongoing deployments.
Unit Cost: $0

 

Thank you for taking the time to read this article! As always keep the faith!
The NSA’s original documentation on SOUFFLETROUGH

 

SOUFFLETROUGH

The following two tabs change content below.
Preston Hood
Hello, my name is Preston Hood. I am the owner of PJHoodsCo, an Information Technology Service Provider (ITSP). I am also a freelance writer and information security researcher.
Preston Hood

Latest posts by Preston Hood (see all)

Categories: Information Technology, IT Security, and Preston Hood.

Leave a Reply

Your email address will not be published. Required fields are marked *


*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>