Symantec Connects Forty Cyber Attacks To CIA Hacking Tools Exposed by WikiLeaks

Security researchers have confirmed that the alleged CIA hacking tools recently exposed by WikiLeaks have been used against at least forty governments and private organizations across sixteen countries.

Since March, as part of its "Vault 7" series, WikiLeaks has published over 8,761 documents and other confidential information that the whistleblower group claims came from the US Central Intelligence Agency (CIA).

Now, researchers at the cybersecurity company Symantec have reportedly managed to link those CIA hacking tools to numerous real cyber attacks in recent years that were carried out against the government and private sectors across the world.

Those forty cyber attacks were conducted by Longhorn, a North American hacking group that has been active since at least 2011 and has used backdoor trojans and zero-day attacks to target the government, financial, energy, telecommunications, education, aerospace, and natural resources sectors.

Although the group's targets were all in the Middle East, Europe, Asia, and Africa, researchers said the group once infected a computer in the United States, but an uninstaller was launched within an hour, which indicates the "victim was infected unintentionally."

What's interesting is that Symantec linked some of the CIA hacking tools and malware variants disclosed by WikiLeaks in the Vault 7 files to Longhorn cyber espionage operations.

Fluxwire (Created by CIA) ≅ Corentry (Created by Longhorn)

Fluxwire, a cyber espionage malware allegedly created by the CIA and mentioned in the Vault 7 documents, contains a changelog of dates for when new features were added, which, according to Symantec, closely resembles the development cycle of "Corentry," a malware created by the Longhorn hacking group.
"Early versions of Corentry seen by Symantec contained a reference to the file path for the Fluxwire program database (PDB) file," Symantec explains. "The Vault 7 document lists removal of the full path for the PDB as one of the changes implemented in Version 3.5.0."
"Up until 2014, versions of Corentry were compiled using GCC [GNU Compiler Collection]. According to the Vault 7 document, Fluxwire switched to an MSVC compiler for version 3.3.0 on Feb 25, 2015. This was reflected in samples of Corentry, where a version compiled on Feb 25, 2015, had used MSVC as a compiler."
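The attribution reasoning above, as an added example that is not part of the original article or of Symantec's tooling: pull PDB paths out of a binary's RSDS CodeView records and check whether a sample's observed traits (compiler, presence of a PDB path) agree with what a changelog predicts for its compile date. The sample bytes, the PDB path and the 3.5.0 date are constructed placeholders; only the 3.3.0 compiler switch date comes from the article.

```python
import re
import struct
from datetime import date

# Constructed byte blob containing one CodeView record:
# 'RSDS' + 16-byte GUID + 4-byte age + NUL-terminated PDB path (placeholder path).
CONSTRUCTED_SAMPLE = (
    b"\x00" * 8
    + b"RSDS" + b"\x11" * 16 + struct.pack("<I", 3)
    + b"C:\\build\\PLACEHOLDER_project\\out\\agent.pdb\x00"
    + b"\x00" * 8
)

# Constructed changelog in the shape the article describes (version, date, note).
# The 3.3.0 date is from the article; the 3.5.0 date is a placeholder.
CHANGELOG = [
    ("3.3.0", date(2015, 2, 25), "switched to MSVC compiler"),
    ("3.5.0", date(2015, 8, 1), "removed full PDB path"),
]

def extract_pdb_paths(blob: bytes) -> list:
    """Return the PDB path from every RSDS CodeView record found in the blob."""
    paths = []
    for m in re.finditer(rb"RSDS", blob):
        start = m.end() + 16 + 4          # skip GUID and age fields
        end = blob.find(b"\x00", start)   # path is NUL-terminated
        if end > start:
            paths.append(blob[start:end].decode("latin-1"))
    return paths

def expected_traits(compile_date: date) -> dict:
    """What a sample built on compile_date should look like according to the changelog."""
    traits = {"compiler": "GCC", "pdb_path": True}   # baseline before any listed change
    for _version, when, note in CHANGELOG:
        if compile_date >= when:
            if "MSVC" in note:
                traits["compiler"] = "MSVC"
            if "PDB" in note:
                traits["pdb_path"] = False
    return traits

def consistent_with_changelog(sample: dict) -> bool:
    """sample = {'compile_date': date, 'compiler': str, 'blob': bytes}; compare observed vs expected."""
    expected = expected_traits(sample["compile_date"])
    observed = {"compiler": sample["compiler"],
                "pdb_path": bool(extract_pdb_paths(sample["blob"]))}
    return observed == expected
```

A disagreement (for instance a post-3.5.0 build that still carries a full PDB path) is a lead to investigate, not proof against the link; the point is that independent traits must all move in step with the changelog.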

Similar Malware Modules

Another Vault 7 document details the 'Fire and Forget' specification of the payload and a malware module loader called Archangel, which Symantec claims match almost perfectly with a Longhorn backdoor called Plexor.

"The specification of the payload and the interface used to load it was closely matched in another Longhorn tool called Backdoor.Plexor," says Symantec.

Use of Similar Cryptographic Protocol Practices

Another leaked CIA document outlined cryptographic protocols that should be used within malware tools, such as using AES encryption with a 32-bit key, inner cryptography within SSL to prevent man-in-the-middle attacks, and key exchanges once per connection.

One leaked CIA document also recommends the use of in-memory string de-obfuscation and the Real-time Transport Protocol (RTP) for communicating with the command and control (C&C) servers.

According to Symantec, these cryptographic protocol and communication practices were also used by the Longhorn group in all of its hacking tools.

More About the Longhorn Hacking Group

Longhorn has been described as a well-resourced hacking group that works on a standard Monday to Friday working week, likely the behavior of a state-sponsored group, and operates in an American time zone.

Longhorn's advanced malware tools are specifically designed for cyber espionage, with detailed system fingerprinting, discovery, and exfiltration capabilities. The group uses extremely stealthy capabilities in its malware to avoid detection.

Symantec's analysis of the group's activities also shows that Longhorn is from an English-speaking North American country: the code words it uses refer to the band The Police (REDLIGHT and ROXANNE) and include colloquial terms like "scoobysnack."

Overall, the functionality described in the CIA documents and its links to the group's activities leave "little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."