Security firm links CIA leaks to series of past attacks

The security firm Symantec believes it has observed one of the hacking tools described in CIA files released by WikiLeaks in a series of different attacks dating back to 2011.

WikiLeaks's latest series of leaks, dubbed "Vault 7," allegedly comes from a secure CIA server. The documents focus on descriptions of CIA hacking tools, including one called Fluxwire that Symantec believes matches malware the firm had been calling Corentry. Symantec attributed Corentry to an espionage group it had been calling Longhorn.

Symantec released a writeup connecting the attacks to the CIA documents on Monday morning.

According to that report, Longhorn targeted at least 40 computers in 16 countries across the Middle East, Europe, Asia and Africa. The attacks used a variety of different, exclusive tools and struck governmental, financial, telecommunications, energy, aerospace, information technology, education and natural resources sectors.

Symantec said it also identified a Longhorn attack on a U.S. system but believes the attack might have been an error. Within hours of infecting that system, the attacker uninstalled the program on its own. 

Though WikiLeaks did not release the source code for Fluxwire, Symantec reports that the functionality described in the files and timeline of specific updates to the software leave "little doubt that Longhorn's activities and the Vault 7 documents are the work of the same group."