equationgroup

Latest

  • Shadow Brokers release also suggests NSA spied on bank transactions

    by Richard Lawler, 04.14.2017

    Besides a cache of potentially damaging zero-day exploits against many versions of Windows, another element of today's Shadow Brokers release is a folder titled SWIFT. Inside, it has documents listing the internal structure at EastNets, a Dubai-based bank and anti-money laundering organization. Banks use the SWIFT messaging system to transfer trillions of dollars every day, and if the documents released are accurate, it appears the NSA wanted access to monitor transfers between banks in the Middle East.

  • 'Shadow Brokers' dump of NSA tools includes new Windows exploits (updated)

    by Richard Lawler, 04.14.2017

    Earlier this year "The Shadow Brokers" -- an entity claiming to have stolen hacking tools from the NSA and then offering them for sale -- seemed to pack up shop, but the group has continued on. Today, it made a new post containing a number of working exploits for Windows machines running everything from XP up to at least Windows 8. As for Windows 10, it appears that the stolen data is from 2013 and predates the latest OS. As such, it isn't immediately apparent whether it's vulnerable, but early results indicate at least some of the tools aren't working on it. Update (4/15): Microsoft responded early Saturday morning, saying that the seven leaked flaws that affect supported systems have all already been patched. Of course, the story gets a bit more interesting from there, since it appears that four of them were only patched last month, suggesting someone informed the company about the security issues before TSB could leak them.

  • 'Shadow Brokers' give away more NSA hacking tools

    by Jon Fingas, 04.08.2017

    The elusive Shadow Brokers didn't have much luck selling the NSA's hacking tools, so they're giving more of the software away -- to everyone. In a Medium post, the mysterious team supplied the password for an encrypted file containing many of the Equation Group surveillance tools swiped back in 2016. Supposedly, the group posted the content in "protest" at President Trump turning his back on the people who voted for him. The leaked data appears to check out, according to researchers, but some of it is a couple of decades old and focused on platforms like Linux.

  • Edward Snowden suspects NSA hack was a Russian warning

    by Jon Fingas, 08.16.2016

    The National Security Agency (and the US itself) may have just received a shot across the bow. Hackers identifying as the Shadow Brokers claim to have breached the Equation Group, a hacking outfit widely linked to NSA activities, and the data they've posted leads Edward Snowden to suspect that it might have been a state-sponsored Russian operation. If the intruders really did publish the spoils of an NSA cyberweapon staging server as they say, it'd suggest that someone wanted to show that they can prove US involvement in any attacks that came from the server.

  • State-backed spyware targets antivirus maker, Iranian nuclear talks

    by Jon Fingas, 06.10.2015

    The threat posed by state-sponsored malware might be even larger than first thought. Antivirus developer Kaspersky Lab says it discovered an attack on its network by allegedly government-made spyware that appears to be an upgraded version of Duqu, the Stuxnet-based worm used by Israel and the US to derail Iran's nuclear efforts. This "Duqu 2.0" not only tried to obtain details about Kaspersky's investigations and detection abilities, but remained remarkably stealthy. Pre-release software was necessary to catch it, and there were attempts to throw researchers off the scent by suggesting that China or Eastern Europe was to blame.

  • The NSA hides surveillance software in hard drives

    by Jon Fingas, 02.16.2015

    It's been known for a while that the NSA will intercept and bug equipment to spy on its soon-to-be owners, but the intelligence agency's techniques are apparently more clever than first thought. Security researchers at Kaspersky Lab have discovered apparently state-created spyware buried in the firmware of hard drives from big names like Seagate, Toshiba and Western Digital. When present, the code lets snoops collect data and map networks that would otherwise be inaccessible -- all they need to retrieve info is for an unwitting user to insert infected storage (such as a CD or USB drive) into an internet-connected PC. The malware also isn't sitting in regular storage, so you can't easily get rid of it or even detect it.