CIA Implant: Green Lambert for OS X(objective-see.com)
objective-see.com
CIA Implant: Green Lambert for OS X
https://objective-see.com/blog/blog_0x68.html
32 comments
> But which version of OS X does the implant need? We know that it’s a 32-bit executable, and the latest macOS is 64-bit only. We can narrow this down further by looking at symbols using nm.
Not sure if it was useful in this case, but usually you can find this information in the Mach-O header.
Not sure if it was useful in this case, but usually you can find this information in the Mach-O header.
sneeeeeed(10)
Where is it asserted/confirmed that Longhorn == CIA? I don't see it mentioned in the article nor the linked articles (not that I searched exhaustively).
The first line from the article:
In March 2017, WikiLeaks began publishing thousands of files detailing the CIA’s spying operations and hacking tools. The leak, known as Vault 7, was the largest disclosure of classified information in the agency’s history. In April, Symantec publicly linked Vault 7 to an advanced threat actor named Longhorn. Kaspersky then announced it tracks the same actor as The Lamberts, and revealed the existence of an OS X implant called Green Lambert.
One of the most important revelations in the Vault 7 was the CIA's false flag tooling to ascribe cyberattacks to say Russia, China etc.
https://en.wikipedia.org/wiki/False_flag
https://en.wikipedia.org/wiki/False_flag
This is news to me. Do you know of a good article that summarizes Vault 7?
I mean... https://en.wikipedia.org/wiki/Vault_7
Yeah, but that doesn't say what you think it says:
> Cybersecurity writers, such as Ben Buchanan and Kevin Poulsen, were skeptical of [the false flag theories]. Poulsen wrote, "The leaked catalog isn't organized by country of origin, and the specific malware used by the Russian DNC hackers is nowhere on the list."
https://en.wikipedia.org/wiki/Vault_7#False_flag_theories
> Cybersecurity writers, such as Ben Buchanan and Kevin Poulsen, were skeptical of [the false flag theories]. Poulsen wrote, "The leaked catalog isn't organized by country of origin, and the specific malware used by the Russian DNC hackers is nowhere on the list."
https://en.wikipedia.org/wiki/Vault_7#False_flag_theories
It doesn't take CIA tools to change the properties of a Word document though
Even if that one hack was carried out by Russia, the CIA still have tools to create false flag attacks.
Ohhhh I see, I didn't connect the "lineage": Vault 7 leak from CIA, Symantec says stuff in Vault 7 is from Longhorn. Thanks for pointing out the obvious for me haha :)
I clicked over to Wikileaks + Kapersky's post, interested in possibly writing a small shell script to automate running some of these commands on a given file as a weekend project, but it'd be hard to test such a tool w/o the original binary.
(Maybe it's just been a long day and I'm missing a plainly labeled link, and if so, I apologize for not RTFMing hard enough :) )