Image: ProPublica.

On April 10, 2017, Symantec published a report on Longhorn, a sophisticated group specializing in cyber-espionage. The striking part is that the company asserts a link between the group and the Vault7 leak. In plain terms, the report implies the CIA has been covertly collecting data from people of interest around the world.

Symantec’s report does not name the Central Intelligence Agency. Instead, it says Longhorn operates from a North American, English-speaking country, and that its targets “would be of interest to a nation-state attacker.”

During the investigation, the company found code words such as SCOOBYSNACKS that reference U.S. pop culture. By looking at the timestamps on the group’s tools, the investigators deduced that the group kept office hours, working a Monday-to-Friday week. A separate locale clue is that the tools abbreviate the days of the week as “MTWRFSU (Monday, Tuesday, Wednesday, ThuRsday, Friday, Saturday, SUnday).”

According to the report, that abbreviation is common in academic calendars in North America. But perhaps the most controversial claim in the report is the direct link to the Vault7 case.
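The “office hours” observation rests on a simple timeline technique: take the build timestamps of an actor’s tools, re-express them in candidate local time zones, and see under which zone they cluster into a Monday-to-Friday working day. The script below is an added illustration of that technique, not Symantec’s code or data; the timestamps it analyses are constructed, the 09:00-18:00 office window and the UTC-5 “developer” zone are assumptions, and the weekday letters follow the MTWRFSU convention mentioned above.

```python
"""Infer an actor's working week from build timestamps (added example).

The sample timestamps below are constructed for illustration; they are not
taken from any real malware and this is not Symantec's analysis code.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

# One letter per weekday, Monday..Sunday, in the MTWRFSU convention
# (R = Thursday, U = Sunday). Indexes line up with datetime.weekday().
MTWRFSU = "MTWRFSU"


def weekday_letter(ts: datetime) -> str:
    return MTWRFSU[ts.weekday()]


def in_zone(ts: datetime, utc_offset_hours: int) -> datetime:
    """Re-express an aware timestamp in a fixed-offset zone (UTC+offset)."""
    return ts.astimezone(timezone(timedelta(hours=utc_offset_hours)))


def activity_profile(timestamps, utc_offset_hours):
    """Count samples per weekday letter and per local hour under one zone."""
    days, hours = Counter(), Counter()
    for ts in timestamps:
        local = in_zone(ts, utc_offset_hours)
        days[weekday_letter(local)] += 1
        hours[local.hour] += 1
    return days, hours


def office_hours_score(timestamps, utc_offset_hours, start=9, end=18):
    """Fraction of samples falling Mon-Fri, start <= hour < end, local time.

    A score near 1.0 means the zone makes the activity look like a
    conventional office job; near 0.0 means nights and weekends.
    """
    total = hits = 0
    for ts in timestamps:
        local = in_zone(ts, utc_offset_hours)
        total += 1
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits / total if total else 0.0


def best_offset(timestamps, candidates=range(-12, 15)):
    """Zone under which the samples look most like an office week.

    Ties are broken toward the offset closest to UTC; with real data you
    would inspect the full score table rather than trust one number.
    """
    return max(candidates,
               key=lambda off: (office_hours_score(timestamps, off), -abs(off)))


def make_sample(working_days=10):
    """Constructed input: a developer building on weekdays at 09, 11, 13,
    15 and 17 local time in a UTC-5 zone, starting Monday 2017-03-06.
    Returned timestamps are in UTC, as they would be read from artefacts."""
    local_zone = timezone(timedelta(hours=-5))
    day = datetime(2017, 3, 6, tzinfo=local_zone)  # a Monday
    out = []
    done = 0
    while done < working_days:
        if day.weekday() < 5:
            for h in (9, 11, 13, 15, 17):
                out.append(day.replace(hour=h).astimezone(timezone.utc))
            done += 1
        day += timedelta(days=1)
    return out


if __name__ == "__main__":
    sample = make_sample()
    off = best_offset(sample)
    days, hours = activity_profile(sample, off)
    print(f"best-fitting zone: UTC{off:+d}  "
          f"office-hours score: {office_hours_score(sample, off):.2f}")
    print("weekdays:", " ".join(f"{d}={days[d]}" for d in MTWRFSU))
    print("hours:   ", " ".join(f"{h:02d}={n}" for h, n in sorted(hours.items())))
```

On the constructed sample the UTC-5 zone is the only one that puts every build inside the office window; viewed in UTC the same activity looks like a late-afternoon-to-evening pattern, which is why timezone and weekday analysis only mean something once a candidate zone is fixed. Real compile timestamps can also be forged or stripped, so this is corroborating evidence, never attribution on its own.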

What is the Vault7 leak?

The Vault7 leak is the largest disclosure of CIA material in the agency’s history, and it goes roughly like this:

As one would expect, the Central Intelligence Agency holds a vast and sophisticated arsenal of cyber “weapons”: viruses and other malware, weaponized zero-day exploits, and more.

That toolbox had been circulating among former government hackers and contractors without the CIA’s authorization, and the agency very likely did not know it was happening.

That changed when a significant portion of its cyber-espionage toolkit was published by WikiLeaks. Apparently, one of the people with access to the data handed it to the whistleblowing organization, which released it as an archive named “Vault7.”

The story is much longer, and we will cover it in a separate article, but in short, the documents show the CIA targeting prominent people with offensive cyber tooling. The leaked material even describes tools aimed at products from tech giants such as Apple and Samsung.

What’s in the CIA cyber-espionage toolkit? 

Symantec identified four malware families attributed to Longhorn:

  • Backdoor.Plexor
  • Trojan.Corentry
  • Backdoor.Trojan.LH1
  • Backdoor.Trojan.LH2

If you are interested in the technical details, read the original report. There, Symantec explains how the group tailors each attack to the targeted person or company, using campaign-specific code words, which points to a coordinated, in-house operation.

Even though the report names no one, plenty of details would lead a reader to believe it is denouncing the CIA for its shady practices. The company, however, maintains that its goal is simply to let users know that “Symantec and Norton products have been protecting against Longhorn malware for a number of years.”

Source: Symantec