
Symantec forces Longhorn cyberespionage group into the spotlight

According to Symantec’s research, Longhorn has infected targets in at least 16 countries across the Middle East, Europe, Asia and Africa.

Cybersecurity specialist Symantec recently unveiled research findings surrounding the Vault 7 leak, which explored how the exposure of spying tools and operational protocols has led to cyberattacks against 40 targets across 16 countries.

Symantec's findings also exposed the source of these cyberattacks, the so-called Longhorn cyberespionage group that has been active since 2011.

Since its inception, the Longhorn group has used a variety of backdoor Trojans and zero-day vulnerabilities to compromise its targets. These targets included government and international organisations, as well as enterprises in the financial, telecoms, energy, IT, aerospace, natural resources and education sectors.

According to Symantec, the tools and attack patterns used by Longhorn closely follow the technical specifications detailed in the documents exposed by WikiLeaks. The development timeline of Longhorn's attacks also matches the timeline of the Vault 7 leaks.

Symantec first became aware of Longhorn's activities back in 2014, when the cyberespionage group released a zero-day exploit embedded in a Word document to infect a target with Plexor. Since then, the group's capabilities have grown both in scope and sophistication. More recent attacks include the use of malware tools, such as Corentry, Plexor, Backdoor.Trojan.LH1, and Backdoor.Trojan.LH2.

Prior to the Vault 7 leak, the cybersecurity specialist's view of Longhorn was that it was a well-backed and resourceful organisation actively involved in intelligence-gathering operations. Additionally, Symantec's analysis indicated that the Longhorn group is based in an English-speaking, North American country.
