Symantec says tools described in Vault 7 documents leaked by WikiLeaks have been used against 40 targets in 16 countries in cyberattacks by an organisation previously known as ‘Longhorn’.
Vault 7 of the WikiLeaks dump consisted mainly of tools used by the CIA to penetrate smartphones and other devices such as routers, smart TVs and PCs.
Researchers have been tracking Longhorn since 2014 when they discovered an attack involving a zero day exploit and a backdoor known as ‘Plexor’. There is evidence to suggest the group has been active since 2011 and some early activity was noted in 2007.
The highly sophisticated nature of the tools, the targets (government and international agencies, major industries such as utilities, finance and telecoms) and working patterns led Symantec to conclude Longhorn was a hacking collective from a North American, English speaking country.
On one occasion a computer in the US was accessed, but the fact an uninstaller was launched just hours later has led to the belief this was a mistake.
“Prior to the Vault 7 leak, Symantec’s assessment of Longhorn was that it was a well-resourced organisation which was involved in intelligence gathering operations,” said Symantec.
“This assessment was based on its global range of targets and access to a range of comprehensively developed malware and zero-day exploits. The group appeared to work a standard Monday to Friday working week, based on timestamps and domain name registration dates, behaviour which is consistent with state-sponsored groups.”
Documents outlined the specifications for malware tools, along with roadmaps and timestamps that share the same development trajectory as Longhorn’s methods. For example, a piece of software described in the leak called ‘Fluxwire’ is the same as Longhorn’s ‘Trojan.Corentry’.
Moreover there are similarities in cryptography, command and control communications and other practices.
“The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks,” added Symantec.
“The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn’s activities and the Vault 7 documents are the work of the same group.”
WikiLeaks has said it will work with manaufacturers to close the fixes for the vulnerabilities exposed in the file dump and give them “exclusive access” to some documents before disclosing more information.
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…
Two updates to Anthropic's AI chatbot Claude sees arrival of a new business-focused plan, as…