Cloud Hosting

According to a blog posted Monday, internet security giant Symantec has linked real-world cyberattacks to the tools detailed in the Vault 7 WikiLeaks dump.

Since 2011, Symantec has tracked a group they called Longhorn, that used sophisticated software exploits against organizations that would be of interest to a nation-state attacker. The blog post never specifically mentions the CIA, instead assessing that the Longhorn group exhibited behavior which is consistent with state-sponsored groups and that there were indicators that Longhorn was from an English-speaking, North American country. Longhorn even used SCOOBYSNACK as a code word in their malware.

Symantec says that they found that the group infected 40 targets in at least 16 countries across the globe:

Longhorn has infiltrated governments and internationally operating organizations, in addition to targets in the financial, telecoms, energy, aerospace, information technology, education, and natural resources sectors.

To tie the WikiLeaks information to their investigation of Longhorn, Symantec found that the software detailed in Vault 7 followed a development timeline that they saw in real-world scenarios. One piece of software known as Corentry to Symantec and referred to as Fluxwire by WikiLeaks provided particularly compellingevidence:

New features in Corentry consistently appeared in samples obtained by Symantec either on the same date listed in the Vault 7 document or several days later, leaving little doubt that Corentry is the malware described in the leaked document.

Symantecs investigation found that the attacks were carried out across the Middle East, Europe, Asia, and Africa. On one occasion a computer in the United States was compromised but, following infection, an uninstaller was launched within hours, which may indicate this victim was infected unintentionally. According to Reuters, Symantec did not track any mass surveillance tools and all of the targets held national security value. However, Symantecs Eric Chien told Reuters that,

there are organizations in there that people would be surprised were targets.

Symantecs Stephen Doherty told Wired that they had been tracking the Longhorn group for many years, but Vault 7 was key in pin-pointing their identity. [T]he tools and activity we had been tracking from Longhorn closely match some of the information disclosed in Vault 7, said Doherty.

Symantecs efforts mark the first real-world example of the Vault 7 tools being used. However Doherty said that they have not yet found additional links:

We track a lot of groups and a lot of actors and we havent seen any specific details that would link to any other malware at the moment.

While the CIA understandably denies the authenticity of the tools and documents contained in Vault 7, the government has attempted to blockthe leaks from being admitted into court cases because they should be considered classified. That action, paired with expert analysis by industry leaders like Symantec, shows that the WikiLeaks collection is likely real.

See original here:
Internet Security Firm Confirms WikiLeaks 'Vault 7' At Least 40 Cyberattacks Tied to the CIA - The Ring of Fire Network