A range of malware targeting enterprises and businesses since 2011 is reminiscent of the Vault 7 hacking tools discovered by the WikiLeaks organization.
The security firm and antivirus software provider Symantec announced that CIA hacking tools that were exposed by WikiLeaks are closely linked to Trojans and other malware.
These cyber attacks against corporations were grouped together as malware called Longhorn. Longhorn has attacked over 40 businesses in Europe, Asia, the Middle East and Africa, across 16 different countries in total. The attacked businesses operate in the financial, energy, telecom, information technology and natural resources industries. In addition to those, the virus also attacked international NGOs and government institutions.
The security firm Symantec linked Longhorn to the development of the CIA hacking tools exposed by WikiLeaks using changelog data. This data shows that the CIA hacking tools were upgraded at the same time as new features were added to Longhorn's tools.
What is more, other similarities include cryptographic practices and the techniques that both sets of malware tools employ to cover their traces on the infected systems.
Longhorn has used advanced malware tools and zero-day vulnerabilities to infiltrate a string of targets worldwide. Taken in combination, the tools, techniques, and procedures employed by Longhorn are distinctive and unique to this group, leaving little doubt about its link to Vault 7.
Longhorn was detected by Symantec in 2014. The security firm provides antivirus protection against the malware, as well as internet security solutions.
The security provider has not found any local targets. However, one computer located in the US was discovered to be compromised with Longhorn. The virus deleted itself, and researchers suggest that the infection was an accident.
In addition, the WikiLeaks organization first reported its discovery of the Vault 7 hacking tools this March. According to the organization, Vault 7 is the largest ever publication of confidential data and information.
A successful 'attack' on a target's computer system is more like a series of complex stock maneuvers in a hostile take-over bid or the careful planting of rumors in order to gain control over an organization's leadership rather than the firing of a weapons system. If there is a military analogy to be made, the infestation of a target is perhaps akin to the execution of a whole series of military maneuvers against the target's territory including observation, infiltration, occupation, and exploitation.
In addition, the attackers behind the malware have developed successful attacks against the most popular internet security packages.