CIA hacking

Researchers Find Close Resemblance Between 40 Cyber Attacks & Wikileaks Documents

Researchers have announced a study of 40 cyber attacks conducted by LongHorn. The tools & techniques used by the hackers closely resemble those described in Vault 7.

Wikileaks Vault 7 Resemblance in 40 cyber attacks

This month Wikileaks raised a very hot topic. The documents it released to the public are named Vault 7. A team of researchers has since studied these documents & has quite an interesting story about the tools used in cyber attacks.

The researchers have linked 40 cyber attacks carried out in 16 countries. According to them, these attacks were conducted by a cyber group called LongHorn. They also said that the details in the Vault 7 documents & LongHorn's activity have a very high resemblance. Many technical specifications match exactly.

Conclusion by Symantec Researchers

LongHorn has been using Trojans and 0-day bugs to attack many government firms, telecoms & IT firms since 2010.

After reaching these conclusions, Symantec researchers said in a blog post that the Vault 7 activities & the LongHorn activities are the work of the same group & are related to each other.

Vault 7 describes a tool called FluxWire, which is built on a Trojan. Another tool, called Corentry, also belongs to LongHorn.

Many features of Corentry and the sample shown in the Vault 7 document are apparently similar.

Another tool, called Archangel, has an interface quite similar to that of the LongHorn tool called the Plexor backdoor.

The cryptographic methods of Vault 7 & LongHorn are also the same. These include AES with a 32-bit key & one key per connection. This practice prevents MITM attacks.

LongHorn was first detected by Symantec in 2014, when the group was using a 0-day exploit to infect a host with Plexor. After analyzing the attack, Symantec concluded that the attackers had good knowledge of the victim. The tools used in the attacks were Corentry, Plexor, Backdoor.Trojan.LH1, and Backdoor.Trojan.LH2.

Before the Vault 7 documents were released, Symantec had assumed the attackers were an information-gathering group. But after the documents were released, Symantec's official statement changed & the link led to the CIA.

They added “Taken in combination, the tools, techniques, and procedures employed by Longhorn are distinctive and unique to this group, leaving little doubt about its link to Vault 7.”

Wikileaks claims a new document shows the CIA is hacking Windows PCs using the Grasshopper program

The Vault 7 series of documents leaked by Wikileaks has a new update. Wikileaks has released a new set of 27 documents that belong to the CIA Grasshopper Program.

Wikileaks reveals CIA Grasshopper Program

This set of 27 documents is named Grasshopper. It reveals a CLI framework developed by the CIA to build malware designed to breach Windows OS security & bypass anti-virus protection.

According to Wikileaks, the 27 documents together form a super manual that is a secret CIA document. These documents can only be accessed by members of the agency.

What is the CIA Grasshopper Program

These documents give CIA members enough knowledge to analyze a computer's internal architecture & create custom malware that can get past the computer's security protections.

After the study of a system is complete, Grasshopper provides a custom Windows installer program that needs to be installed on the victim's computer.

The Grasshopper executable contains one or more exe files in the installer. The exe files work as a stack: they run one by one, in first-in, last-out order. The basic job of this malware is to persist a payload.

The custom malware designed through Grasshopper can't be detected by any anti-virus. Even the most effective anti-virus products, like those from Kaspersky Lab, Symantec, and Microsoft, are not able to detect its presence.

Wikileaks claims that the Grasshopper program is very easy to use and the malware that is generated by the program is very persistent in a Windows computer.

Grasshopper – Copied from a Russian Hacker’s program

Wikileaks also says that the Grasshopper program is based on a tool used by cyber criminals across the world. The CIA took that hacking tool & modified the program for its own purposes.

The best-known tool suspected of being copied is a Russian malware called Carberp. According to a statement in the official document, “The persistence method and parts of the installer were taken and modified to fit our needs, A vast majority of the original Carberp code that was used has been heavily modified. Very few pieces of the original code exist unmodified.”

Wikileaks has not made clear how much the tool was used, but it was used from 2012 to 2015.

So far Wikileaks has released many documents in the same series, which are:

  • Year Zero
  • CIA hacking exploits
  • Dark Matter
  • Marble
