In a release dubbed Vault 8, which includes source code for documents released under the name Vault 7, WikiLeaks said that the code released was for Hive, infrastructure that the CIA used to control its malware. Hive could act as a multitasking tool, handling multiple implants on target computers. WikiLeaks said the digital certificates used to authenticate implants were created by the agency in order to deceive those who were being infiltrated. Three examples included in the source code release built a fake certificate for Kaspersky Lab, a company whose products have been banned from use by US public sector bodies over the claim that it aids spying by Russia.
If a visitor stumbled on the website, everything seemed normal. However, Hive used an uncommon HTTPS server option, Optional Client Authentication, which doesn’t need any authentication from the user’s side.
“Traffic from implants is sent to an implant operator management gateway called Honeycomb while all other traffic goes to a cover server that delivers the unsuspicious content for all other users,” the Vault 8 leak mentions.
— source itwire.com, fossbytes.com 2017-11-13