As we noted in 2018, Vault 7 - a series of 24 documents which were released beginning on March 7, 2017 - revealed that the CIA had a wide variety of tools to use against adversaries, including the ability to "spoof" its malware to appear as though it was created by a foreign intelligence agency, as well as the ability to take control of Samsung Smart TV’s and surveil a target using a "Fake Off" mode in which they appear to be powered down while eavesdropping.

The CIA’s hand crafted hacking techniques pose a problem for the agency. Each technique it has created forms a "fingerprint" that can be used by forensic investigators to attribute multiple different attacks to the same entity.

...

The CIA’s Remote Devices Branch’s UMBRAGE group collects and maintains a substantial library of attack techniques 'stolen' from malware produced in other states including the Russian Federation.

With UMBRAGE and related projects the CIA cannot only increase its total number of attack types but also misdirect attribution by leaving behind the "fingerprints" of the groups that the attack techniques were stolen from.

UMBRAGE components cover keyloggers, password collection, webcam capture, data destruction, persistence, privilege escalation, stealth, anti-virus (PSP) avoidance and survey techniques. -WikiLeaks

Vault 7 also revealed:

In addition to its operations in Langley, Virginia the CIA also uses the U.S. consulate in Frankfurt as a covert base for its hackers covering Europe, the Middle East and Africa.

CIA hackers operating out of the Frankfurt consulate ( "Center for Cyber Intelligence Europe" or CCIE) are given diplomatic ("black") passports and State Department cover. 

• Instant messaging encryption is a joke.

These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloackman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied.

• The CIA laughs at Anti-Virus / Anti-Malware programs.

CIA hackers developed successful attacks against most well known anti-virus programs. These are documented in AV defeats, Personal Security Products, Detecting and defeating PSPs and PSP/Debugger/RE Avoidance. For example, Comodo was defeated by CIA malware placing itself in the Window’s "Recycle Bin". While Comodo 6.x has a "Gaping Hole of DOOM".

• iPads / iPhones / Android devices and Smart TV’s are all susceptible to hacks and malware. The agency’s "Dark Matter" project reveals that the CIA has been bugging “factory fresh” iPhones since at least 2008 through suppliers. Another, "Sonic Screwdriver" allows the CIA to execute code on a Mac laptop or desktop while it’s booting up.

Schulte previously worked for the NSA before joining the CIA, then "left the intelligence community in 2016 and took a job in the private sector," according to a statement reviewed in May of 2018 by The Washington Post.

The verdict showed that the jury had doubts about the government’s most important evidence, which came from a C.I.A. server. Trial witnesses guided jurors through a complicated maze of forensic analysis that, according to prosecutors, showed Mr. Schulte’s work machine accessing an old backup file one evening in April 2016.

He did so, prosecutors said, by reinstating his administrator-level access that the C.I.A. had removed after his workplace disputes. The file matched the documents posted by WikiLeaks nearly a year later, according to the government.

The defense argued that the C.I.A. computer network had weak passwords and widely known security vulnerabilities, and that it was possible other C.I.A. employees or foreign adversaries had breached the system. -New York Times

As the Times notes, Schulte’s legal troubles are far from over, as the government could retry the case. He also faces a separate trial after federal agents found over 10,000 images and videos of child pornography on electronic devices in his home.