Symantec: CIA-linked tools used in cyberattacks against at least 40 targets

Updated 2017-04-11 10:00:41 Xinhua

Symantec Corporation, a cybersecurity business, said Monday that spying tools and operational protocols detailed in the recent “Vault 7” leak by Web publisher WikiLeaks have been used in cyberattacks against at least 40 targets in 16 different countries.

Although Symantec, headquartered in Mountain View, California, on the U.S. West Coast, did not mention the origin of Vault 7 in its Security Response posting, WikiLeaks pointed the finger at the U.S. Central Intelligence Agency (CIA) on March 7, when it released a new series of confidential documents.

Code-named Vault 7 by WikiLeaks, the 8,761 documents and files were said to be from an isolated, high-security network inside the CIA's Center for Cyber Intelligence.

For its part, Symantec called the group using the Vault 7 tools “Longhorn” and noted that the tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks, adding that “the Longhorn group shares some of the same cryptographic protocols specified in the Vault 7 documents, in addition to following leaked guidelines on tactics to avoid detection. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group.”

Active since at least 2011, Longhorn has used a range of back door Trojans in addition to zero-day vulnerabilities to compromise its targets, infiltrating governments and internationally operating organizations, in addition to targets in the financial, telecoms, energy, aerospace, information technology, education, and natural resources sectors, according to Symantec. And all of the organizations targeted would be of interest to a nation-state attacker.

“Longhorn has infected 40 targets in at least 16 countries across the Middle East, Europe, Asia, and Africa,” Symantec said in a posting on its website. “On one occasion a computer in the United States was compromised but, following infection, an uninstaller was launched within hours, which may indicate this victim was infected unintentionally.”

In addition, before deploying malware to a target, the Longhorn group has been found to preconfigure it with what appear to be target-specific code words and distinct domains and Internet Protocol (IP) addresses for communications back to the attackers.
