NSA Device – STUCCOMONTANA

(TS//SI//REL) STUCCOMONTANA provides persistence for DNT implants. The DNT implant will survive an upgrade or replacement of the operating system – including physically replacing the router’s compact flash card.
(S//SI//REL) STUCCOMONTANA Concept of Operations
(TS//SI//REL) Currently, the intended DNT implant to persist is VALIDATOR, which must be run as a user process on the target operating system. The vector of attack is the modification of the target’s BIOS. The modification will add the necessary software to the BIOS and modify its software to execute the STUCCOMONTANA implant at the end of its native System Management Mode (SMM) handler.
(TS//SI//REL) STUCCOMONTANA must support all modern versions of JUNOS, which is a version of FreeBSD customized by Juniper. Upon system boot, the JUNOS operating system is modified in memory to run the implant, and provide persistent kernel modifications to support implant execution.
(TS//SI//REL) STUCCOMONTANA is the cover term for the persistence technique to deploy a DNT implant to Juniper T-Series routers.

 

Unit Cost: $
Status: (U//FOUO) STUCCOMONTANA is under development and is expected to be released by 30 November 2008.

 

Thank you for taking the time to read this article! As always keep the faith!
The NSA’s original documentation on STUCCOMONTANA

 

Preston Hood
Hello, my name is Preston Hood. I am the owner of PJHoodsCo, an Information Technology Service Provider (ITSP). I am also a freelance writer and information security researcher.