Symantec Links Longhorn Hacking Group to a Series of Cyber-attacks

Symantec recently disclosed details about Longhorn, a cyber-espionage group it links to some 40 attacks across multiple countries. The group's tooling first came to light in a WikiLeaks release, and the story has unsettled industry circles because of the alleged involvement of the CIA. America's premier intelligence agency has had its share of controversies, but this episode shows how exposed institutions are to covert hacking tools built to gain unauthorized access to valuable information. Code-named "Vault 7" by WikiLeaks, the release is the largest ever publication of confidential documents on the agency. In keeping with company policy, Symantec has declined to publicly name the CIA as the actor behind the attacks.

Meanwhile, the CIA has dismissed the WikiLeaks accusations as untrue, stating that any WikiLeaks disclosures aimed at damaging the intelligence community “not only jeopardize US personnel and operations, but also equip our adversaries with tools and information to do us harm.” “It is important to note that CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and CIA does not do so,” CIA spokesperson Horniak said.

Symantec said that Longhorn may have been active since 2011 and has been involved in compromising phones, computers and other equipment belonging to governments and NGOs, as well as financial, energy and natural resource companies. “Before deploying malware to a target, the Longhorn group will preconfigure it with what appears to be target-specific code words, and distinct C&C domains and IP addresses for communications back to the attackers,” said Symantec.

According to Symantec, the tools were not built for mass surveillance but for targeted operations against government and other entities. Symantec also found that the code uses terms such as ‘groupid’ and ‘siteid’, which it took as one indicator of an English-speaking origin. Longhorn's espionage-type attacks have affected organizations in the Middle East, Europe, Asia and Africa.
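The two preceding paragraphs make a point that matters for anyone doing attribution: when each build carries its own code words and its own C&C domain and IP, the usual infrastructure pivot (shared domains or addresses between samples) finds nothing, and the link has to come from properties of the toolkit itself, such as the vocabulary of the embedded configuration. The script below is an added illustration of that contrast; it is not Symantec's tooling and not code from the article. The sample records, domains, IP addresses and code-word values are constructed placeholders (reserved documentation ranges and the `.example` TLD), not real Longhorn indicators, and the config field names `botid` and `campaign` for the contrasting family are invented.

```python
"""Pivoting across per-target malware configurations.

Added example, not Symantec's method or code from the article. The records
below are constructed: placeholder domains, IPs and code words, not real
Longhorn indicators.
"""
from collections import defaultdict
from itertools import combinations

# Constructed records imitating what an analyst might carve out of each build.
# Every Longhorn-style sample carries a distinct code word, C&C domain and C&C
# IP, so nothing on the infrastructure side is shared between samples.
SAMPLES = [
    {"id": "sample-1", "config": {"groupid": "RED-FOX", "siteid": "S001"},
     "c2_domain": "update-cdn01.example", "c2_ip": "198.51.100.10"},
    {"id": "sample-2", "config": {"groupid": "BLUE-OAK", "siteid": "S002"},
     "c2_domain": "static-img77.example", "c2_ip": "198.51.100.57"},
    {"id": "sample-3", "config": {"groupid": "GREY-ELM", "siteid": "S003"},
     "c2_domain": "api-sync9.example", "c2_ip": "203.0.113.22"},
    # An unrelated (invented) family for contrast: different config vocabulary.
    {"id": "other-1", "config": {"botid": "7781", "campaign": "spring"},
     "c2_domain": "cdn-metrics.example", "c2_ip": "203.0.113.99"},
]


def infrastructure_pivots(samples):
    """Return sample pairs that share a C&C domain or a C&C IP.

    This is the classic IOC pivot. With one C&C endpoint per target it finds
    nothing, which is why infrastructure alone cannot tie these samples together.
    """
    pairs = []
    for a, b in combinations(samples, 2):
        if a["c2_domain"] == b["c2_domain"] or a["c2_ip"] == b["c2_ip"]:
            pairs.append((a["id"], b["id"]))
    return pairs


def cluster_by_config_schema(samples):
    """Group samples by the *names* of their embedded config fields.

    The values (code words, addresses) differ per target, but the field
    vocabulary is a property of the toolkit, so it survives re-targeting.
    """
    clusters = defaultdict(list)
    for s in samples:
        clusters[frozenset(s["config"])].append(s["id"])
    return dict(clusters)


def shared_vocabulary(samples, min_support=2):
    """Config field names seen in at least `min_support` samples, sorted."""
    counts = defaultdict(int)
    for s in samples:
        for key in s["config"]:
            counts[key] += 1
    return sorted(k for k, n in counts.items() if n >= min_support)


if __name__ == "__main__":
    print("infrastructure pivots:", infrastructure_pivots(SAMPLES))
    for schema, ids in cluster_by_config_schema(SAMPLES).items():
        print(sorted(schema), "->", ids)
    print("shared vocabulary:", shared_vocabulary(SAMPLES))
```

Run on the constructed records, `infrastructure_pivots` returns an empty list, while `cluster_by_config_schema` puts the three Longhorn-style samples in one cluster on the strength of the shared `groupid`/`siteid` vocabulary and leaves the contrasting family on its own. On real data the schema key would be extracted from carved configuration blobs rather than typed in, but the pivot logic is the same.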

Symantec added, “Longhorn has used advanced malware tools and zero-day vulnerabilities to infiltrate a string of targets worldwide. Taken in combination, the tools, techniques and procedures employed by Longhorn are distinctive and unique to this group, leaving little doubt about its link to Vault 7.”