Malware that WikiLeaks purports belongs to the Central Intelligence Agency has been definitively tied to an advanced hacking operation that has been penetrating governments and private industries around the world for years, researchers from security firm Symantec say.
Longhorn, as Symantec dubs the group, has infected governments and companies in the financial, telecommunications, energy, and aerospace industries since at least 2011 and possibly as early as 2007. The group has compromised 40 targets in at least 16 countries across the Middle East, Europe, Asia, Africa, and on one occasion, in the US, although that was probably a mistake.
Uncanny resemblance
Malware used by Longhorn bears an uncanny resemblance to tools and methods described in the Vault7 documents. Near-identical matches are found in cryptographic protocols, source-code compiler changes, and techniques for concealing malicious traffic flowing out of infected networks. Symantec, which has been tracking Longhorn since 2014, didn’t positively link the group to the CIA, but it has concluded that the malware Longhorn used over a span of years is included in the Vault7 cache of secret hacking manuals that WikiLeaks says belonged to the CIA. Virtually no one is disputing WikiLeaks’ contention that the documents belong to the US agency.