Last month, WikiLeaks released a massive dump of files from their so called Vault7. The large variety of hacking tools within were attributed to the Central Intelligence Agency’s hacking group. Since then, numerous exploits found within have been exposed and in some cases fixed. With more time with the files, researchers have now been able to link some of the tools from the CIA vault to those running in the wild.
According to security firm Symantec, the CIA hacking tools bear an uncanny resemblance to those used by the so-called Longhorn hacking group. Key hints popped up in the changes in compiler use, encryption standards and procedures followed by Longhorn. These lines up exactly with the documentation in Vault7, suggesting that the CIA and Longhorn groups are at the very least closely linked if not one and the same.
Symantec has been tracking the Longhorn group since 2014. The group has conducted campaigns against governments and companies in the financial, telecommunications, energy, and aerospace sectors. Most of the targets were in 16 countries in the Middle East, Europe, Asia, Africa, and once in the United States. Symantec had also determined that the group was well-funded, operated on a Monday to Friday schedule and operated from North America. With the help of the WikiLeaks breach, Symantec has been able to make a compelling case tying Longhorn to CIA rather than the myriad number of US intelligence services.
