The most recent WikiLeaks dilemma dubbed Vault 7 made headlines about a month ago, and now Symantec is reporting evidence that may possibly connect those tools to cybercrimes.
Symantec reported a link between the Longhorn cyberespionage group and the tools found in alleged CIA documents posted by WikiLeaks last month. The leak was dubbed Vault 7 and reportedly gives information on how the CIA infects target computers with malware, spies on encrypted messages and much more.
However, according to Symantec, putting information on Vault 7 and Longhorn side by side led them to believe that Longhorn and the CIA are one. The Longhorn group has reportedly been around since 2011 and has taken aim at 40 devices across 16 countries. Symantec said that only one device in the states was targeted and an uninstaller took care of it within just a few hours.
Longhorn has reportedly placed a target on governments along with members of the financial, telecoms, information technology, energy, education, and other verticals. The group “has used a range of back door Trojans in addition to zero-day vulnerabilities to compromise its targets,” according to Symantec.
The vendor went on to say that information has convinced them that the hacking is being done in the “name of national interests rather than for personal gain.”
Symantec also stated that Vault7 documents are similar to what it knows about Longhorn. It references specific malware, protocols and more that connect the CIA and Longhorn. And long before the leak, some may have known that Longhorn was based in North America; but this hasn’t been proven.
“A number of documents disclosed by WikiLeaks outline specifications and requirements for malware tools. One document is a development timeline for a piece of malware called Fluxwire, containing a changelog of dates for when new features were incorporated. These dates align closely with the development of one Longhorn tool (Trojan.Corentry) tracked by Symantec,” according to the post. “New features in Corentry consistently appeared in samples obtained by Symantec either on the same date listed in the Vault 7 document or several days later, leaving little doubt that Corentry is the malware described in the leaked document.”
A major takeaway from all of this is that the CIA allegedly re-uses malware that once belonged to cybercriminals, and they may be behind a well-known hacking group. Some say the truth always comes out, but will it this time?