
WikiLeaks Vault 7 Leak Suggests CIA Ties To Notorious Hacking Group

Posted: March 8, 2017

Earlier this month, Symantec published a new post on its official blog concerning the possibility that the CIA is behind a notorious hacking group the cyber security company has been tracking for years. Symantec stated that it has managed to connect the exposed CIA files and tools to at least 40 attacks carried out across 16 countries around the world.

The report focused on the techniques that were used in attacks carried out by a group that Symantec has named Longhorn, which is, apparently, behind all the previously mentioned attacks. The security company stopped short of making the claim that Longhorn is comprised of CIA agents, but presented evidence that strongly suggests that this is the case.

The report read that: "The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks. The Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."

Symantec has stated that Longhorn appears to be active since at least 2011, but there is evidence that suggests that the activity of this group can be traced back all the way to 2007. The group first caught the attention of Symantec back in 2014, when it used the CVE-2014-4148 zero-day exploit of a Word document to infect an individual target with the Plexor malware. This infection bore "all the hallmarks of a sophisticated cyberespionage group."

According to Symantec, Longhorn has infiltrated governments, internationally operating organizations, and targets in the natural resources, energy, financial, telecoms, education, information technology, and aerospace sectors. Although Symantec hasn't given any names, the cyber security company has stated that Longhorn's targets were located in Europe, Asia, Africa, and the Middle East. There was even one incident in which a computer in the United States was compromised, but the malware was uninstalled just several hours later, indicating that this infection was likely unintentional.

Symantec noticed that the CIA leaks contained a lot of information that aligned with the development of one of Longhorn's tools, a trojan named Corentry, which the company had been tracking. New features added to the trojan appeared in documents whose dates matched the times at which Symantec obtained samples containing similar changes to Corentry, indicating that this was the very malicious program described in the leaked documents.

Other tools, such as Forget and Fire, were also detailed in some of the material from the Vault 7 leak. Symantec has managed to link most of the tools used by Longhorn to information found in the leaked CIA documents, suggesting that the hacking group is, indeed, part of the CIA. Another indicator is the set of timestamps on the group's work, which showed that the team was working a Monday-to-Friday job in a time zone somewhere in the Americas. Code words found in the malware, such as SCOOBYSNACK, are also familiar in North America, strengthening the connection.
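The working-hours inference mentioned above is a routine threat-intelligence technique: take the timestamps recovered from a set of samples, shift them through candidate UTC offsets, and look for the offset under which the activity clusters into a Monday-to-Friday office day. The following is an added example written for this article, not code from Symantec or from the Longhorn report; the compile timestamps it analyzes are constructed for illustration and the 09:00-18:00 working window is an assumed heuristic, not a figure from the page.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: timestamps (UTC, ISO 8601) as an analyst might extract
# them from a batch of samples. Invented for this example; not real Longhorn data.
SAMPLE_TIMESTAMPS_UTC = [
    "2014-03-03T14:30:00", "2014-03-03T20:10:00", "2014-03-04T15:05:00",
    "2014-03-05T18:40:00", "2014-03-06T16:20:00", "2014-03-07T21:45:00",
    "2014-03-08T08:00:00",  # deliberate weekend outlier
    "2014-03-10T14:05:00", "2014-03-11T19:30:00", "2014-03-12T17:15:00",
    "2014-03-13T15:50:00", "2014-03-14T20:55:00", "2014-03-14T22:40:00",
]

WEEKDAY_NAMES = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def localize(ts_iso, utc_offset_hours):
    """Interpret a naive ISO timestamp as UTC and convert it to a fixed UTC offset."""
    utc = datetime.fromisoformat(ts_iso).replace(tzinfo=timezone.utc)
    return utc.astimezone(timezone(timedelta(hours=utc_offset_hours)))


def working_hours_fraction(timestamps, utc_offset_hours, start_hour=9, end_hour=18):
    """Fraction of timestamps that land Mon-Fri within [start_hour, end_hour)
    local time for the given offset. The window is an assumed heuristic."""
    hits = 0
    for ts in timestamps:
        local = localize(ts, utc_offset_hours)
        if local.weekday() < 5 and start_hour <= local.hour < end_hour:
            hits += 1
    return hits / len(timestamps)


def weekday_histogram(timestamps, utc_offset_hours):
    """Count activity per local weekday; a flat Mon-Fri profile with an
    empty weekend is the pattern the article describes."""
    counts = Counter(WEEKDAY_NAMES[localize(ts, utc_offset_hours).weekday()]
                     for ts in timestamps)
    return {name: counts.get(name, 0) for name in WEEKDAY_NAMES}


def best_offsets(timestamps, candidates=range(-12, 15)):
    """Return every candidate offset that maximizes the working-hours fraction,
    plus that fraction. Ties are reported rather than silently resolved, because
    a few samples rarely pin a single zone."""
    scores = {off: working_hours_fraction(timestamps, off) for off in candidates}
    best = max(scores.values())
    return [off for off, score in scores.items() if score == best], best


if __name__ == "__main__":
    offsets, score = best_offsets(SAMPLE_TIMESTAMPS_UTC)
    print(f"best-fitting UTC offset(s): {offsets}, working-hours fraction {score:.2f}")
    for off in offsets:
        print(f"UTC{off:+d} weekday profile:", weekday_histogram(SAMPLE_TIMESTAMPS_UTC, off))
```

On the constructed data the fit lands on UTC-5 with one weekend outlier, which is the shape of the "Monday to Friday in the Americas" reading. In practice this is corroborating evidence only: compile timestamps can be edited by the author, daylight-saving shifts blur the offset by an hour, and a small sample produces ties between neighbouring zones, which is why the function returns all tied offsets instead of one.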

Even from the beginning, it was clear that Symantec was dealing with a state-sponsored group in Longhorn. The CIA documents leaked by WikiLeaks leave little doubt about which state agency has been behind the Longhorn hacking group all these years.
