TheShadowBrokers

Latest

  • Bobby Yip / Reuters

    'Shadow Brokers' threaten to release more hacking tools in June

    by Richard Lawler
    05.16.2017

    An exploit that the "WannaCry" malware used to encrypt computers worldwide first appeared in a leak from "The Shadow Brokers," a group that claims to have stolen a number of tools from the NSA. Now the Shadow Brokers are back with a new blog post threatening more leaks. Through an intentionally sloppy writing style, the group taunts not only TheEquationGroup (read: NSA), but also Microsoft and its blog post blaming spy agencies, claiming that Microsoft is simply upset the NSA didn't pay to hold its vulnerability.

  • BeeBright via Getty Images

    'WannaCry' ransomware attack spreads worldwide (update)

    by Andrew Tarantola
    05.12.2017

    England's healthcare system came under a withering cyberattack Friday morning, with "at least 25" hospitals across the country falling prey to ransomware that locked doctors and employees out of critical systems and networks. It's now clear that this is not a (relatively) isolated attack but rather a single front in a massive digital assault. Update 2 (5/13): In response to infections like the ones that crippled parts of the NHS system, Microsoft is releasing a patch for unsupported systems including Windows XP, Windows 8 and Windows Server 2003.

  • MedicImage / Alamy

    NHS hospitals in England hit by a widespread cyberattack (updated)

    by Jamie Rigg
    05.12.2017

    Various NHS Trusts are currently battling with what appears to be a large-scale cyberattack affecting IT systems across the country. According to reports, hospitals and GP surgeries are falling victim to a widespread ransomware attack, causing them to shut down their computer networks. The East and North Hertfordshire NHS Trust was one of the first to acknowledge the problem and switch off its systems, warning locals that they will have trouble getting through on the phone and asking them not to visit accident and emergency unless absolutely necessary. Update: The attack has continued to spread and is now affecting systems around the world. Update 2 (5/13): In response to infections like the ones that crippled parts of the NHS system, Microsoft is releasing a patch for unsupported systems including Windows XP, Windows 8 and Windows Server 2003.

  • Engadget

    Microsoft says it already patched 'Shadow Brokers' NSA leaks

    by Richard Lawler
    04.15.2017

    Yesterday, the mysterious "Shadow Brokers" posted some hacking tools for Windows that were allegedly stolen from the NSA. All of them were at least a few years old, but exploited flaws in several versions of the operating system to move across networks and infect systems. Early Saturday morning, Microsoft responded with a blog post, saying it has evaluated all of the exploits listed. Its response to the release is surprisingly simple: most of them have already been fixed.

  • AFP/Getty Images

    Shadow Brokers release also suggests NSA spied on bank transactions

    by Richard Lawler
    04.14.2017

    Besides a cache of potentially damaging zero-day exploits against many versions of Windows, another element of today's Shadow Brokers release is a folder titled SWIFT. Inside, it has documents listing the internal structure at EastNets, a Dubai-based bank and anti-money laundering organization. Banks use the SWIFT messaging system to transfer trillions of dollars every day, and if the documents released are accurate, it appears the NSA wanted access to monitor transfers between banks in the Middle East.

  • D3Damon via Getty Images

    'Shadow Brokers' dump of NSA tools includes new Windows exploits (updated)

    by Richard Lawler
    04.14.2017

    Earlier this year "The Shadow Brokers" -- an entity claiming to have stolen hacking tools from the NSA then offering them for sale -- seemed to pack up shop, but the group has continued on. Today, it made a new post that contained a number of working exploits for Windows machines running everything from XP up to at least Windows 8. As for Windows 10, it appears that the stolen data is from 2013 and predates the latest OS. As such, it isn't immediately apparent if it's vulnerable, but early results indicate at least some of the tools aren't working on it. Update (4/15): Microsoft responded early Saturday morning, saying that the seven leaked flaws that affect supported systems have all already been patched. Of course, the story gets a bit more interesting from there, since it appears that four of them were only patched just last month, suggesting someone informed the company about the security issues before TSB could leak them.

  • Thomas Trutschel/Photothek via Getty Images

    'Shadow Brokers' give away more NSA hacking tools

    by Jon Fingas
    04.08.2017

    The elusive Shadow Brokers didn't have much luck selling the NSA's hacking tools, so they're giving more of the software away -- to everyone. In a Medium post, the mysterious team supplied the password for an encrypted file containing many of the Equation Group surveillance tools swiped back in 2016. Supposedly, the group posted the content in "protest" at President Trump turning his back on the people who voted for him. The leaked data appears to check out, according to researchers, but some of it is a couple of decades old and focused on platforms like Linux.

  • republica via Getty Images

    'Guccifer 2.0' DNC leaker returns, as 'Shadow Brokers' exit

    by Richard Lawler
    01.13.2017

    Throughout the presidential campaign last year, a hacker calling themselves "Guccifer 2.0" leaked DNC documents, before going dark just before the actual election. Now, after being tagged as a front for Russian government-directed hacking, the identity has returned, writing in much clearer English and taunting US intelligence. In a blog post, Guccifer 2.0 claims again to have no connection to Russia, and refutes assertions made by the DHS and FBI to the contrary.

  • AP Photo/Patrick Semansky, File

    NSA operative might have accidentally leaked its hacking tools

    by Mariella Moon
    09.23.2016

    American authorities are still digging into how a set of NSA's hacking tools landed in the hands of a group called Shadow Brokers who then leaked them online. According to Reuters, they're now focusing their investigation on a theory that one NSA operative used the tools on a remote computer three years ago. They believe the operative left them there exposed, and that's where Russian hackers got a hold of them. The exploits allow users to take advantage of security systems' software flaws. They can target a number of companies' products in particular, including Cisco's firewalls and routers, putting their customers at risk.

  • AP Photo/Patrick Semansky

    Edward Snowden suspects NSA hack was a Russian warning

    by Jon Fingas
    08.16.2016

    The National Security Agency (and the US itself) may have just received a shot across the bow. Hackers identifying as the Shadow Brokers claim to have breached the Equation Group, a hacking outfit widely linked to NSA activities, and the data they've posted leads Edward Snowden to suspect that it might have been a state-sponsored Russian operation. If the intruders really did publish the spoils of an NSA cyberweapon staging server as they say, it'd suggest that someone wanted to show that they can prove US involvement in any attacks that came from the server.