Symantec says tools described in Vault 7 documents leaked by WikiLeaks have been used against 40 targets in 16 countries in cyberattacks by an organisation previously known as ‘Longhorn’.
Vault 7 of the WikiLeaks dump consisted mainly of tools used by the CIA to penetrate smartphones and other devices such as routers, smart TVs and PCs.
Researchers have been tracking Longhorn since 2014 when they discovered an attack involving a zero day exploit and a backdoor known as ‘Plexor’. There is evidence to suggest the group has been active since 2011 and some early activity was noted in 2007.
The highly sophisticated nature of the tools, the targets (government and international agencies, major industries such as utilities, finance and telecoms) and working patterns led Symantec to conclude Longhorn was a hacking collective from a North American, English speaking country.
On one occasion a computer in the US was accessed, but the fact an uninstaller was launched just hours later has led to the belief this was a mistake.
“Prior to the Vault 7 leak, Symantec’s assessment of Longhorn was that it was a well-resourced organisation which was involved in intelligence gathering operations,” said Symantec.
“This assessment was based on its global range of targets and access to a range of comprehensively developed malware and zero-day exploits. The group appeared to work a standard Monday to Friday working week, based on timestamps and domain name registration dates, behaviour which is consistent with state-sponsored groups.”
Documents outlined the specifications for malware tools, along with roadmaps and timestamps that share the same development trajectory as Longhorn’s methods. For example, a piece of software described in the leak called ‘Fluxwire’ is the same as Longhorn’s ‘Trojan.Corentry’.
Moreover there are similarities in cryptography, command and control communications and other practices.
“The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks,” added Symantec.
“The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn’s activities and the Vault 7 documents are the work of the same group.”
WikiLeaks has said it will work with manaufacturers to close the fixes for the vulnerabilities exposed in the file dump and give them “exclusive access” to some documents before disclosing more information.
Discover how emerging technologies like AI, blockchain, and edge computing are set to revolutionise industries…
US Federal Aviation Administration approves SpaceX's Falcon 9 rockets to return to service following second-stage…
Social media platform X drops Unilever from lawsuit against advertisers after reaching agreement on 'safety…
US Congressional Representatives ask for answers from AT&T, Verizon, Lumen Technologies after wiretap networks reportedly…
Swedish EV battery start-up Northvolt in talks for 200m euros in short-term funding as it…
US labour officials say Apple illegally restricted employees' right to discuss workplace issues on Slack…