PLATINUM TERMINAL
SUMMARY
In March 2017, WikiLeaks began a series of public disclosures under the project name 'Vault7', detailing offensive tools that it claimed were attributable to the United States (U.S.) Central Intelligence Agency (CIA). In April 2017, Symantec confirmed that the tools matched malware used by a group it called Longhorn. CTU researchers track this group as PLATINUM TERMINAL.
The tools disclosed in the Vault7 release provided capabilities for persistent, covert access to targets; network traffic interception and manipulation; reconnaissance and data exfiltration; and anti-forensics to complicate detection and analysis. PLATINUM TERMINAL is a highly capable threat group. CTU researchers assess with moderate confidence that it is operated by the U.S. government and focuses on intelligence gathering to support national security objectives.