Vivo V5s Matte Black
Vivo V5s Matte Black

News Ticker


Symantec Links Longhorn to Vault 7 Leak

Symantec Links Longhorn to Vault 7 Leak
Symantec Links Longhorn to Vault 7 Leak

Symantec revealed Longhorn as the spying tools linked in cyberattacks against at least 40 targets in 16 different countries, as they observed that the tools used by Longhorn closely follow development timelines and technical specifications given in documents disclosed by WikiLeaks.

The company also claimed that a number of documents disclosed by WikiLeaks outlined specifications and requirements for malware tools. One of these is a development timeline for a piece of malware called Fluxwire.

It contains a changelog of dates for when new features incorporated, and these dates align closely with the development of one Longhorn tool tracked by Symantec, which is named Trojan.Corentry. This consistently appeared in samples obtained by Symantec, either on the same date listed in the Vault 7 document or several days later.

Meanwhile, a second Vault 7 document contained Fire and Forget – a specification for user-mode injection of a payload by a tool called Archangel, which closely matched another Longhorn tool called Backdoor.Plexor.

See Also: Symantec's Latest Threat Report Shows Alarming Increase in Targeted Attacks

Another document, however, outlined protocols that malware tools should follow. Again, these requirements align with the cryptographic practices observed by Symantec in all of the Longhorn tools.

Aside from these, other documents show tradecraft practices to be used, and these practices were followed by Longhorn as observed by Symantec.

Symantec continues to track the spying group to learn more about it tools, tactics, and procedures. For the past three years, they’ve been protecting its customers against Longhorn malware with the following detections; Backdoor.Plexor, Trojan.Corentry, Backdoor.Trojan.LH1, and Backdoor.Trojan.LH2.

Share This:

No Comment to " Symantec Links Longhorn to Vault 7 Leak "