From bbf6716c734046e033bb51a1ea4763f9dc75408b Mon Sep 17 00:00:00 2001
From: Alexandre Dulaunoy
Date: Mon, 10 Apr 2017 20:22:57 +0200
Subject: [PATCH] Longhorn (CIA) added

---
 clusters/threat-actor.json | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 84edfa51..b54ea59c 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -1502,6 +1502,16 @@
 },
 "value": "Groundbait",
 "description": "Groundbait is a group targeting anti-government separatists in the self-declared Donetsk and Luhansk People’s Republics."
+ },
+ {
+ "meta": {
+ "refs": [
+ "https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-group-linked-vault-7"
+ ],
+ "country": "US"
+ },
+ "value": "Longhorn",
+ "description": "Longhorn has been active since at least 2011. It has used a range of back door Trojans in addition to zero-day vulnerabilities to compromise its targets. Longhorn has infiltrated governments and internationally operating organizations, in addition to targets in the financial, telecoms, energy, aerospace, information technology, education, and natural resources sectors. All of the organizations targeted would be of interest to a nation-state attacker. Longhorn has infected 40 targets in at least 16 countries across the Middle East, Europe, Asia, and Africa. On one occasion a computer in the United States was compromised but, following infection, an uninstaller was launched within hours, which may indicate this victim was infected unintentionally."
 }
 ],
 "name": "Threat actor",
@@ -1516,5 +1526,5 @@
 ],
 "description": "Known or estimated adversary groups targeting organizations and employees. Adversary groups are regularly confused with their initial operation or campaign.",
 "uuid": "7cdff317-a673-4474-84ec-4f1754947823",
- "version": 18
+ "version": 19
 }
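Review bot: The added `Longhorn` entry in the first hunk records `"country": "US"` as a bare fact, while the only visible basis for it is the commit subject ("Longhorn (CIA)") and the Symantec reference, whose URL points to a Vault 7 link; the description text itself names no sponsor. Consumers that tag events with this cluster inherit the attribution without seeing where it comes from, so the description should state its source, for example by appending `Symantec links the tools used by Longhorn to the Vault 7 documents.` (wording inferred from the reference URL, to be checked against the article). Strict JSON has no comment syntax, so this provenance has to live in the `description` or `meta` values. The enclosing array starts outside the hunk, so whether neighbouring entries carry a similar provenance note cannot be checked from here.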