Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by Wikileaks

-

Symantec Connects 40 Cyber Attacks to CIA Hacking Tools Exposed by Wikileaks

 

Security researchers have confirmed that the alleged CIA hacking tools recently exposed by WikiLeaks have been used against at least 40 governments and private organizations across 16 countries.

Since March, as part of its "Vault 7" series, Wikileaks has published over 8,761 documents and other confidential information that the whistleblower group claims came from the US Central Intelligence Agency (CIA).

Now, researchers at cybersecurity company Symantec reportedly managed to link those CIA hacking tools to numerous real cyber attacks in recent years that have been carried out against the government and private sectors across the world.

Those 40 cyber attacks were conducted by Longhorn — a North American hacking group that has been active since at least 2011 and has used backdoor trojans and zero-day attacks to target government, financial, energy, telecommunications, education, aerospace, and natural resources sectors.

Although the group's targets were all in the Middle East, Europe, Asia, and Africa, researchers said the group once infected a computer in the United States, but an uninstaller was launched within an hour, which indicates the "victim was infected unintentionally."

What's interesting is that Symantec linked some of CIA hacking tools and malware variants disclosed by Wikileaks in the Vault 7 files to Longhorn cyber espionage operations.


Fluxwire (Created by CIA) ≅ Corentry (Created by Longhorn)


Fluxwire, a cyber espionage malware allegedly created by the CIA and mentioned in the Vault 7 documents, contains a changelog of dates for when new features were added, which according to Symantec, closely resemble with the development cycle of "Corentry," a malware created by Longhorn hacking group.
"Early versions of Corentry seen by Symantec contained a reference to the file path for the Fluxwire program database (PDB) file," Symantec explains. "The Vault 7 document lists removal of the full path for the PDB as one of the changes implemented in Version 3.5.0."
"Up until 2014, versions of Corentry were compiled using GCC [GNU Compiler Collection]. According to the Vault 7 document, Fluxwire switched to an MSVC compiler for version 3.3.0 on February 25, 2015. This was reflected in samples of Corentry, where a version compiled on February 25, 2015, had used MSVC as a compiler."

Similar Malware Modules


Another Vault 7 document details 'Fire and Forget' specification of the payload and a malware module loader called Archangel, which Symantec claims, match almost perfectly with a Longhorn backdoor called Plexor.

"The specification of the payload and the interface used to load it was closely matched in another Longhorn tool called Backdoor.Plexor," says Symantec.

Use of Similar Cryptographic Protocol Practices


Another leaked CIA document outlined cryptographic protocols that should be used within malware tools, such as using AES encryption with a 32-bit key, inner cryptography within SSL to prevent man-in-the-middle attacks, and key exchanges once per connection.

One leaked CIA document also recommends using of in-memory string de-obfuscation and Real-time Transport Protocol (RTP) for communicating with the command and control (C&C) servers.

According to Symantec, these cryptographic protocol and communication practices were also used by Longhorn group in all of its hacking tools.

More About LongHorn Hacking Group


Longhorn has been described as a well-resourced hacking group that works on a standard Monday to Friday working week — likely a behavior of a state-sponsored group — and operates in an American time zone.

Longhorn's advanced malware tools are specially designed for cyber espionage with detailed system fingerprinting, discovery, and exfiltration capabilities. The group uses extremely stealthy capabilities in its malware to avoid detection.

Symantec analysis of the group's activities also shows that Longhorn is from an English speaking North American country with code words used by it referring, the band The Police with code words REDLIGHT and ROXANNE, and colloquial terms like "scoobysnack."

Overall, the functionality described in the CIA documents and its links to the group activities leave "little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."

Comments

Post a Comment

Popular posts from this blog

20 Interesting Facts about WikiLeaks Founder Julian Assange

-
Image
Julian Assange is one of the famous journalists of this time due to his founding of WikiLeaks. He is an Australian publisher, journalist, and computer programming expert. He found the WikiLeaks , a non-profit organization in 2006. He has been the editor-in-chief since the establishment of the WikiLeaks. Although there is much information already floating on the internet about Julian Assange but there is much more about this legend still to discover. His interesting personality makes us more curious to know more about him. 20 interesting facts about Julian Assange His interesting personalities have many facts which can be list down but we have gathered information about his personal and work life which altogether makes him very professional and complete man. The interesting facts about Julian Assange are as follows: #1: Julian Assange was born on 2nd July 1971 in the city of Townsville north Queensland. #2: His father John Shipton was an antiwar activist and his...
Read more

Interesting Facts About C Language

-
Image
Interesting Facts About C Language MOST POPULAR C PROGRAMMING FACTS C Programming language Evolution: ALGO->BCPL->B->Tradition C-> K&R C-> ANSI C-> ANSI/ISO C-> C99. It was developed & released around the year 1972. One of the most interesting facts is that It was developed at Bell Laboratories in 1972 by Dennis Ritchie . The first programming language for the computer was Plankalkul, but C language is seen as the first high-level programming language. It’s really easy and fun to write a C program. Most popular Linux Kernel and most UNIX utilities, what you would call the operating system are written in C.  Evolution in C Programming Language:  1. ALGOL (Internation Group) 2. BCPL (Martin Richards) 3. B (Thompson) 4. Tradition C 5. K&R C (Kernighan And Ritchie) 6. ANSI C (ANSI Committee) 7. ANSI/ISO C (ISO Committee) 8. C99 (Standardization Committee) C is one of the most widely used programming languages of all...
Read more

10 Alarming Cyber Security Facts that Threaten Your Data

-
Image
10 Alarming Cyber Security Facts that Threaten Your Data This may sound like a movie plot, but it’s not  Don’t think that hackers are only targeting corporations, banks or wealthy celebrities. They go for individual users like you and me also. As long as you’re connected to the Internet, you can become a victim of cyber attacks. So that’s why we wanted to walk you through some of the most shocking cyber security facts that you maybe wish you’d known until the present moment. These will give you a much more accurate idea of how dangerous it really is to go online without proper protection. 1.The most wanted cyber criminals in the world In 2016, there were 19 individuals on FBI’s Most Wanted List for cyber criminals you. Each of them was responsible responsible for consumer losses ranging from $350,000 to more than $100 million. In 2018, that same list has 41 cybercriminals from around the world. For example, on the list of FBI’s most wanted cyber crimi...
Read more