Shadow Brokers NSA Hack Leaks 0-day Vulnerabilities


Right now there’s a ton of people talking about the NSA Hack, the severity, the repercussions and the value of what has been leaked. It seems the 0-day exploits in the cache of stolen aren’t super recent ones, as it appears they are from 2013.

Shadow Brokers NSA Hack Leaks 0-day Vulnerabilities

But even so, some of them haven’t been patched as both Cisco and Fortinet have warned customers about the vulnerabilities revealed in the data posted by Shadow Brokers.

A group calling itself the Shadow Brokers has started an online auction for top-of-the-range tools it claims were stolen from the Equation Group, a digital attack squad linked to the NSA.

The Shadow Brokers posted up news of the auction saying (in broken English) that they had been monitoring the Equation Group’s servers, had stolen the advanced hacking tools, and will auction them off to the highest bidder. The group said that if it gets Bitcoins worth $1m they will release the tools for free to everyone.

“We want make sure Wealthy Elite recognizes the danger cyber weapons, this message, our auction, poses to their wealth and control. Let us spell out for Elites. Your wealth and control depends on electronic data,” the group said [the link has since been taken down].

“You see what ‘Equation Group’ can do. You see what cryptolockers and stuxnet can do. You see free files we give for free. You see attacks on banks and SWIFT in news. Maybe there is Equation Group version of cryptolocker+stuxnet for banks and financial systems?”

Claims about stuff like this for sale online are often fake, so to prove their case the team posted sample code, which it says is around 40 per cent of the total, online. Postings on Github and other download sites have since been taken down, but not before some people got copies.


Now it seems NSA wasn’t hacked directly, but via an agency called Equation Group which is believed to be a digital cyber-terrorism arm of the NSA.

Even so, it brings up some well debated issues about the NSA reporting zero-day flaws to vendors rather than hoarding them (which the White House promised they would stop doing).

A preliminary analysis shows the revealed list seems to be focusing on router flaws, some of them quite old. Some files also share names with exploits listed in the NSA’s Tailored Access Operations hacking team’s catalogue for agents, revealed in 2013 by Edward Snowden.

Kaspersky, who first linked the Equation Group to the NSA, said it was analyzing the files but had no clue as to their veracity as yet. But Timo Steffens, a member of the German CERT-Bund team, is taking a skeptical line, although he acknowledged that if this is a fake, the scammers had put in a lot of effort.

Initial analysis by the likes of Kaspersky Labs, NSA whistleblower Edward Snowden, and a host of independent security researchers shore up claims by a hacking group calling itself Shadow Brokers that the exploits and toolsets it hopes to auction for millions of dollars in Bitcoins are legitimate Equation group weaponry.

Kaspersky Labs last year revealed the Equation group to be almost certainly a state-sponsored actor and, according to deep analysis of its activities, highly likely to be a wing of the National Security Agency given a series of very striking operational and technical similarities.

The Shadow Brokers group seems to likely originate from Russia, so this is a nation state vs nation state attack possibly at the highest levels of each countries intelligence agencies.

It’s an interesting story and it’s creating a lot of news and drama, it’s a tough call for NSA as they have to maintain their attack capabilities against Russia and China whilst also balancing the health of American commerce and the safety of all the users utilising equipment from those vendors.

Source: The Register

Posted in: Exploits/Vulnerabilities, Hacking Tools

,


Latest Posts:


SecLists - Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells SecLists – Usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells
SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place.
DeepSound - Audio Steganography Tool DeepSound – Audio Steganography Tool
DeepSound is an audio steganography tool and audio converter that hides secret data into audio files, the application also enables you to extract from files.
2019 High Severity Vulnerabilities What are the MOST Critical Web Vulnerabilities in 2019?
So what is wild on the web this year? Need to know about the most critical web vulnerabilities in 2019 to protect your organization?
GoBuster - Directory/File & DNS Busting Tool in Go GoBuster – Directory/File & DNS Busting Tool in Go
GoBuster is a tool used to brute-force URIs (directories and files) in web sites and DNS subdomains (inc. wildcards) - a directory/file & DNS busting tool.
BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.


Comments are closed.