
"Taken in combination, the tools, techniques, and procedures employed by Longhorn are distinctive and unique to this group, leaving little doubt about its link to Vault7."Įxhibit A in Symantec's case are Vault7 documents describing malware called Fluxwire. "Longhorn has used advanced malware tools and zero-day vulnerabilities to infiltrate a string of targets worldwide," Symantec researchers wrote in a blog post published Monday. Virtually no one is disputing WikiLeaks' contention that the documents belong to the US agency. Symantec, which has been tracking Longhorn since 2014, didn't positively link the group to the CIA, but it has concluded that the malware Longhorn used over a span of years is included in the Vault7 cache of secret hacking manuals that WikiLeaks says belonged to the CIA. Near-identical matches are found in cryptographic protocols, source-code compiler changes, and techniques for concealing malicious traffic flowing out of infected networks.

Malware used by Longhorn bears an uncanny resemblance to tools and methods described in the Vault7 documents. The group has compromised 40 targets in at least 16 countries across the Middle East, Europe, Asia, Africa, and on one occasion, in the US, although that was probably a mistake.

Longhorn, as Symantec dubs the group, has infected governments and companies in the financial, telecommunications, energy, and aerospace industries since at least 2011 and possibly as early as 2007.
