Symantec has found that a cyber espionage group dubbed “Longhorn” has used tools and protocols specified in the Vault 7 leak of alleged CIA hacking devices.
The company said Monday that Longhorn has used the tools and techniques to launch cyber attacks against an estimated 40 targets in 16 countries across the Middle East, Europe, Asia and Africa.
WikiLeaks published more than 7,000 webpages of documents in March on alleged CIA-backed hacking materials used to gain access to computers, smartphones and other personal devices.
Symantec said in its study that the “close similarities” in technical specifications, development timelines, cryptographic protocols and anti-detection measures between Longhorn’s activities and the Vault 7 documents indicate that both can be attributed to the same group.
The study notes Longhorn has been active since 2011 and has launched attacks against governments, international organizations and targets in the financial, telecommunications, energy, aerospace, information technology, education and natural resources sectors.
Indicators in its activities could also mean that Longhorn is a well-resourced, state-sponsored cyber espionage group that follows a standard work week and is from an English-speaking North American country, Symantec added.