CISA Opens Source Code for Thorium Malware Analysis and Digital Forensics Platform

01.08.2025 2 minutes Author: Newsman

The U.S. Cybersecurity and Infrastructure Protection Agency (CISA) has announced the open access to Thorium, a powerful malware analysis and digital forensics platform. The tool was created in partnership with Sandia National Laboratories and is capable of processing over 10 million files per hour per access group.

Thorium is designed as a scalable system for automating cyber incident investigation processes. The platform allows you to run over 1,700 tasks per second and integrates both commercial and open-source tools.

Thorium’s main features include:

  • Import and export of tools for sharing between cybersecurity teams.
  • Integration of command-line utilities in the form of Docker images.
  • Search and filter results by tags and full-text index.
  • Access control based on group permissions.
  • Horizontal scaling with Kubernetes and ScyllaDB.

Thorium is focused on software analysis, digital forensics, and incident response, allowing specialists to quickly assess complex threats and receive results in real time.

CISA actively promotes open cybersecurity tools. In 2024, the agency introduced the Malware Next-Gen platform, which allows malware samples to be publicly uploaded for analysis. Previously, CISA launched free security scans for critical infrastructure and released the Eviction Strategies Tool to assist in incident response. Thorium is the next step in this strategy. The open source code of the platform is now available on CISA’s GitHub, allowing government and private organizations to use it for their own purposes for free.

Opening the Thorium source code strengthens global cybersecurity by allowing the community to analyze, improve, and scale defense tools. This is another example of government agencies moving to an open-source collaboration model that improves the effectiveness of their threat response.

Subscribe
Notify of
0 Коментарі
Oldest
Newest Most Voted
Found an error?
If you find an error, take a screenshot and send it to the bot.