To folks at the cybersecurity firm Symantec, the hacking group they call “Longhorn” has always seemed like a state actor.
The group has hacked 40 “targets” in 16 nations, according to Symantec. Longhorn has gone after governments as well as groups involved in finance, energy, telecommunications, education and much more.
“All of the organizations targeted would be of interest to a nation-state attacker,” the Symantec Security Response team wrote on Monday.
They now believe that “nation-state attacker” is the CIA.
Symantec doesn’t say it outright, but it’s hard to come to any other conclusion. Longhorn uses the same malware and hacking techniques laid out in documents published by WikiLeaks in a release called Vault 7. WikiLeaks says those documents belong to the CIA, and — despite WikiLeaks’s relatively new penchant for Russian government propaganda — basically no one doubts the claim.
Longhorn also uses tricks to cover their tracks that are outlined in the documents. Given all that, Symantec says “there can be little doubt that Longhorn’s activities and the Vault 7 documents are the work of the same group.”