Home Security Symantec links use of Vault 7 cyber espionage tools to 'Longhorn'

Cyber security company Symantec has found spying and hacking tools and operational protocols detailed in the recent Vault 7 leak have been used in cyber attacks against at least 40 targets in 16 different countries by a group Symantec has dubbed Longhorn.

Since 7 March, WikiLeaks has released four batches of files, allegedly originating from the CIA as part of a leak it calls Vault 7. iTWire’s latest article is here.

Longhorn’s malware appears to be specifically built for espionage-type operations, with detailed system fingerprinting, discovery, and exfiltration capabilities. The malware uses a high degree of operational security, communicating externally at only select times, with upload limits on exfiltrated data, and randomisation of communication intervals – all attempts to stay under the radar during intrusions.

Symantec says the discovery is doubly significant.

  • The tools used by the Longhorn group closely follow development timelines and technical specifications laid out in the Vault 7 documents disclosed by WikiLeaks.
  • Symantec’s analysis is that the group is a well-resourced intelligence-gathering organisation based in North America, and has used these spying tools in cyber attacks against targets in at least 16 different countries across the Middle East, Europe, Asia and Africa.

Symantec says it has been blocking attacks for the last three years that it attributes to Longhorn. In a security research blog it states, "The tools used by Longhorn closely follow development timelines and technical specifications laid out in documents disclosed by WikiLeaks. Given the close similarities between the tools and techniques, there can be little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."

Reading between the lines this is as close as Symantec can get without directly stating that the CIA and Longhorn could be one and the same.

A CIA spokesperson Heather Fritz Horniak told Reuters that the disclosures from WikiLeaks, "not only jeopardise US personnel and operations, but also equip our adversaries with tools and information to do us harm. It is important to note that the CIA is legally prohibited from conducting electronic surveillance targeting individuals here at home, including our fellow Americans, and the CIA does not do so."


Download an in-depth guide to managing a healthy, motivated and energetic workforce without breaking the bank.


Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!






Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities