Channel: iTWire - Entertainment

Symantec links use of Vault 7 cyber espionage tools to “Longhorn”

Cyber security company Symantec has found that spying and hacking tools and operational protocols detailed in the recent Vault 7 leak have been used in cyberattacks against at least 40 targets in 16 different countries by a group Symantec has dubbed Longhorn.

Since March 7, WikiLeaks has released four batches of files, allegedly originating from the US Central Intelligence Agency (CIA) as part of a leak it calls Vault 7. iTWire’s latest article is here.

Longhorn’s malware appears to be specifically built for espionage-type operations, with detailed system fingerprinting, discovery, and exfiltration capabilities. The malware uses a high degree of operational security, communicating externally at only select times, with upload limits on exfiltrated data, and randomization of communication intervals—all attempts to stay under the radar during intrusions.

Symantec says the discovery is doubly significant.

  • The tools used by the Longhorn group closely follow development timelines and technical specifications laid out in the Vault 7 documents disclosed by WikiLeaks.
  • Symantec’s analysis is that the group is a well-resourced intelligence-gathering organisation based in North America, and has used these spying tools in cyber-attacks against targets in at least 16 different countries across the Middle East, Europe, Asia and Africa.

Symantec says it has been blocking attacks for the last three years that it attributes to Longhorn. In a security research blog it states, "The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."

Reading between the lines, this is as close as Symantec can get without directly stating that the CIA and Longhorn could be one and the same.

CIA spokesperson Heather Fritz Horniak told Reuters that the disclosures from WikiLeaks "not only jeopardize U.S. personnel and operations, but also equip our adversaries with tools and information to do us harm. It is important to note that CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and CIA does not do so."

