Vault7 hacking tools found in action

Hacking tools that WikiLeaks claims belong to the CIA, and which were recently unveiled in the Vault7 leak, are being used by a US-based espionage group, a new Symantec report claims.

The group, which security researchers have dubbed Longhorn, has been targeting both government and private industries for years now. It is most likely that the group has been active since 2011, although there is a slight possibility that it has been active since 2007. 

Telecoms, aerospace, financial and energy industries have all been targeted by the group, which has been active in at least 16 countries in the Middle East, Europe, Asia and Africa.

It also targeted someone in the US once, but most likely, by accident.

Symantec says that the malware Longhorn uses is strikingly similar to what WikiLeaks described in Vault7. Cryptographic protocols and source-code compilers are basically identical, as well as methods used to hide malicious traffic. Even though Symantec never explicitly mentions the CIA, it did say that whatever Longhorn used has been included in the Vault7. Basically, no one is disputing WikiLeaks. 

“Longhorn’s malware has an extensive list of commands for remote control of the infected computer. Most of the malware can also be customized with additional plugins and modules, some of which have been observed by Symantec,” the researchers said in a report.

“Longhorn’s malware appears to be specifically built for espionage-type operations, with detailed system fingerprinting, discovery, and exfiltration capabilities. The malware uses a high degree of operational security, communicating externally at only select times, with upload limits on exfiltrated data, and randomization of communication intervals—all attempts to stay under the radar during intrusions."

Image Credit: Welcomia / Shutterstock