Symantec links use of Vault 7 cyber espionage tools to 'Longhorn'

Cyber security company Symantec has found that spying and hacking tools and operational protocols detailed in the recent Vault 7 leak have been used in cyber attacks against at least 40 targets in 16 different countries by a group Symantec has dubbed Longhorn.

Since 7 March, WikiLeaks has released four batches of files, allegedly originating from the CIA as part of a leak it calls Vault 7.

Longhorn’s malware appears to be specifically built for espionage-type operations, with detailed system fingerprinting, discovery, and exfiltration capabilities. The malware uses a high degree of operational security, communicating externally at only select times, with upload limits on exfiltrated data, and randomisation of communication intervals – all attempts to stay under the radar during intrusions.

Symantec says the discovery is doubly significant.

  • The tools used by the Longhorn group closely follow development timelines and technical specifications laid out in the Vault 7 documents disclosed by WikiLeaks.
  • Symantec’s analysis is that the group is a well-resourced intelligence-gathering organisation based in North America, and has used these spying tools in cyber attacks against targets in at least 16 different countries across the Middle East, Europe, Asia and Africa.

Symantec says it has been blocking attacks for the last three years that it attributes to Longhorn. In a security research blog it states, "The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."

Reading between the lines, this is as close as Symantec can get without directly stating that the CIA and Longhorn could be one and the same.

CIA spokesperson Heather Fritz Horniak told Reuters that the disclosures from WikiLeaks "not only jeopardise US personnel and operations, but also equip our adversaries with tools and information to do us harm. It is important to note that the CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and the CIA does not do so."


Ray Shaw

Ray Shaw (ray@im.com.au) has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!