
Symantec Connects Forty Cyber Attacks To CIA Hacking Tools Exposed By Wikileaks

Security researchers have confirmed that the alleged CIA hacking tools recently exposed by WikiLeaks have been used against at least 40 governments and private organizations across 16 countries.

Since March, as part of its "Vault 7" series, Wikileaks has published over 8,761 documents and other confidential information that the whistleblower group claims came from the US Central Intelligence Agency (CIA).

Now, researchers at cybersecurity company Symantec reportedly managed to link those CIA hacking tools to numerous real cyber attacks in recent years that have been carried out against the government and private sectors across the world.

Those 40 cyber attacks were conducted by Longhorn — a North American hacking group that has been active since at least 2011 and has used backdoor trojans and zero-day attacks to target the government, financial, energy, telecommunications, education, aerospace, and natural resources sectors.

Although the group's targets were all in the Middle East, Europe, Asia, and Africa, researchers said the group once infected a computer in the United States, but an uninstaller was launched within an hour, which indicates the "victim was infected unintentionally."

What's interesting is that Symantec linked some of the CIA hacking tools and malware variants disclosed by Wikileaks in the Vault 7 files to Longhorn cyber espionage operations.

Fluxwire (Created by CIA) ≅ Corentry (Created by Longhorn)


Fluxwire, a cyber espionage malware allegedly created by the CIA and mentioned in the Vault 7 documents, contains a changelog of dates for when new features were added, which, according to Symantec, closely resembles the development cycle of "Corentry," a malware created by the Longhorn hacking group.
"Early versions of Corentry seen by Symantec contained a reference to the file path for the Fluxwire program database (PDB) file," Symantec explains. "The Vault 7 document lists removal of the full path for the PDB as one of the changes implemented in Version 3.5.0."
"Up until 2014, versions of Corentry were compiled using GCC [GNU Compiler Collection]. According to the Vault 7 document, Fluxwire switched to an MSVC compiler for version 3.3.0 on Feb 25, 2015. This was reflected in samples of Corentry, where a version compiled on Feb 25, 2015, had used MSVC as a compiler."
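The PDB-path and compiler pivots Symantec describes above are something an analyst can reproduce on their own sample set. The script below is an added example written for this page; it is not Symantec's tooling and not taken from the Vault 7 documents. It scans raw PE bytes for the CodeView "RSDS" debug record that MSVC's linker writes, pulls out the embedded PDB path, checks it against an indicator fragment, and adds a coarse toolchain hint. The sample blobs, file names, the `EXAMPLE-FRAMEWORK` indicator and the `GCC: (` string heuristic are constructed or assumed for the demo, not values from the article.

```python
import re
import struct
import uuid

# CodeView record layout as emitted by the MSVC linker into the PE debug directory:
#   "RSDS" | 16-byte GUID | 4-byte Age | NUL-terminated PDB path
# Locating it by signature (rather than walking the PE headers) also works on
# carved or partial memory dumps where the headers are gone.
_RSDS = re.compile(rb"RSDS(?P<guid>.{16})(?P<age>.{4})(?P<path>[^\x00]{1,260})\x00", re.S)

# Heuristic (assumption for this demo): GCC/MinGW builds tend to leave a
# "GCC: (GNU) <version>" version string in the image, MSVC builds do not.
_GCC_MARKER = b"GCC: ("


def extract_pdb_records(blob):
    """Return (guid, age, path) for every CodeView RSDS record found in blob."""
    records = []
    for m in _RSDS.finditer(blob):
        guid = str(uuid.UUID(bytes_le=m.group("guid")))
        age = struct.unpack("<I", m.group("age"))[0]
        path = m.group("path").decode("latin-1")
        records.append((guid, age, path))
    return records


def toolchain_hint(blob):
    """Coarse compiler guess: RSDS record => MSVC-style linker, GCC marker => GCC."""
    if _RSDS.search(blob):
        return "msvc"
    if _GCC_MARKER in blob:
        return "gcc"
    return "unknown"


def triage(samples, indicator_fragments):
    """samples: {name: bytes}. Returns per-sample PDB path, indicator hits and toolchain."""
    report = {}
    for name, blob in samples.items():
        recs = extract_pdb_records(blob)
        path = recs[0][2] if recs else None
        hits = [f for f in indicator_fragments if path and f.lower() in path.lower()]
        report[name] = {"pdb": path, "hits": hits, "toolchain": toolchain_hint(blob)}
    return report


# --- constructed demo data (not real malware) -------------------------------
def build_sample(pdb_path=None, gcc_string=False):
    """Fabricate a binary fragment with an optional RSDS record / GCC marker."""
    blob = b"MZ" + b"\x90" * 30 + b"\x00" * 16
    if gcc_string:
        blob += b"GCC: (GNU) 4.8.1\x00"
    if pdb_path is not None:
        guid = uuid.uuid5(uuid.NAMESPACE_DNS, pdb_path).bytes_le  # deterministic, not a real build GUID
        blob += b"RSDS" + guid + struct.pack("<I", 1) + pdb_path.encode("latin-1") + b"\x00"
    return blob + b"\xcc" * 8


SAMPLES = {
    # early build: full PDB path still present, like the pre-3.5.0 case the article describes
    "tool_v3.4.0.bin": build_sample(r"C:\projects\EXAMPLE-FRAMEWORK\build\agent.pdb"),
    # later build: PDB path stripped, nothing to pivot on
    "tool_v3.5.0.bin": build_sample(None),
    # pre-2015 style GCC build with no CodeView record at all
    "tool_2014.bin": build_sample(None, gcc_string=True),
    # unrelated binary with its own, non-matching PDB path
    "unrelated.bin": build_sample(r"D:\work\othertool\Release\svc.pdb"),
}

# Placeholder indicator: in practice this is the project/path fragment seen in earlier samples.
INDICATORS = ["EXAMPLE-FRAMEWORK"]

if __name__ == "__main__":
    for name, row in triage(SAMPLES, INDICATORS).items():
        print(f"{name:18} toolchain={row['toolchain']:8} pdb={row['pdb']!r} hits={row['hits']}")
```

The point of matching by signature instead of by the debug directory is robustness: the record survives in dumps and carved fragments, which is where this kind of pivot usually has to be made. The toolchain hint is deliberately coarse; a real triage pipeline would corroborate it with the PE linker version and Rich header rather than a single string.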

Similar Malware Modules


Another Vault 7 document details the 'Fire and Forget' specification of the payload and a malware module loader called Archangel, which Symantec claims match almost perfectly with a Longhorn backdoor called Plexor.

"The specification of the payload and the interface used to load it was closely matched in another Longhorn tool called Backdoor.Plexor," says Symantec.

Use of Similar Cryptographic Protocol Practices


Another leaked CIA document outlined cryptographic protocols that should be used within malware tools, such as using AES encryption with a 32-bit key, inner cryptography within SSL to prevent man-in-the-middle attacks, and key exchanges once per connection.

One leaked CIA document also recommends the use of in-memory string de-obfuscation and the Real-time Transport Protocol (RTP) for communicating with the command and control (C&C) servers.

According to Symantec, these cryptographic protocol and communication practices were also used by the Longhorn group in all of its hacking tools.

More About LongHorn Hacking Group


Longhorn has been described as a well-resourced hacking group that works on a standard Monday to Friday working week — likely the behaviour of a state-sponsored group — and operates in an American time zone.

Longhorn's advanced malware tools are specially designed for cyber espionage, with detailed system fingerprinting, discovery, and exfiltration capabilities. The group uses extremely stealthy capabilities in its malware to avoid detection.

Symantec's analysis of the group's activities also shows that Longhorn is from an English-speaking North American country: the code words it uses refer to the band The Police (for example REDLIGHT and ROXANNE), alongside colloquial terms like "scoobysnack."

Overall, the functionality described in the CIA documents and its links to the group's activities leave "little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."