Symantec Links 'Longhorn' Group to CIA Hacking Files
Anti-Malware
,
Technology
Researchers Count at Least 40 Longhorn Targets Across 16 Countries
Symantec sees a strong correlation between hacking techniques used by a group that it calls Longhorn, and the alleged CIA network exploitation documents released by WikiLeaks.
See Also: 2017 Predictions on Data Security: Insights on Important Trends in Security for the Banking Industry
Upwards of 40 targets in 16 countries appear to have been attacked by Longhorn, although Mountain View, Calif.-based Symantec did not explicitly say the group was the CIA.
The security firm says it has been blocking attacks for the last three years that it attributes to Longhorn.
“The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks,” security researchers at Symantec write in a blog post. “Given the close similarities between the tools and techniques, there can be little doubt that Longhorn’s activities and the Vault 7 documents are the work of the same group.”
Since March 7, WikiLeaks has released four batches of files from the agency, as part of a leak it calls Vault 7. The CIA hasn’t confirmed the veracity of the documents. But agency spokeswoman
Curiously, Symantec researchers were watching one time when Longhorn suddenly backed off a target.
“On one occasion a computer in the United States was compromised but, following infection, an uninstaller was launched within hours, which may indicate this victim was infected unintentionally,” it writes.
The combination of valuable zero-day flaws as well as the used of advanced malware attack capabilities seen in Longhorn attacks leave little doubt that this is the work of a single group, Symantec says. “Taken in combination, the tools, techniques, and procedures employed by Longhorn are distinctive and unique to this group, leaving little doubt about its link to Vault 7.”
Executive Editor Mathew Schwartz also contributed to this story.