APEX is an National Security Agency
VPN Phase 2: #
Targeted IKE Forwarding (Spin 15)-
VPN Phase 3: Static Tasking of ESP#
- HAMMERSTEIN receives static tasking to exfil targeted ESP packets.
- APEX reconstructs/reinjects ESP packets to the TURMOIL VPN components.
- TURMOIL VPN requests VPN key from CES and attempts decryption.
VPN Phase 4: Dynamic Targeting of ESP#
- Based on the value returned by KEYCARD, the ESP for a particular VPN may be targeted as well
- TURMOIL sends to HAMMERSTEIN (via TURBINE) the parameters for capturing the ESP for the targeted VPN
VoIP Phase 1: Static Tasking of VoIP (Spin 16)#
- HAMMERCHANT monitors VoIP SIP/H.323 signaling and exfiltrates only targeted VoIP RTP sessions to TURMOIL
- APEX reconstructs and bundles the voice packets into a file, attaches appropriate metadata and delivers to PRESSUREWAVE
- This triggers a modified VoIP analytic to prepare the VoIP for corporate delivery.
VoIP Phase 2. VoIP Call Survey#
VoIP Phase 3. Dynamic Targeting of VoIP#
- HAMMERSTEIN captures/exfils all VoIP signaling
- APEX reconstructs/reinjects the signaling to the TURMOIL VoIP components.
- TURMOIL VoIP extracts call metadata and sends to FASCIA; checks KEYCARD for hits.
- If called/calling party is targeted for active exfil, then TURMOIL sends to HAMMERSTEIN (via TURBINE) the parameters to capture the targeted RTPT session
- Phase 3 leverages all TURMOIL VoIP signalling protocol processorsa to expand SIP and H.323 (e.g. Skype) without additional development on the implant.
There might be more information for this subject on one of the following: