Digital Weapons of NSA-linked Microsoft hacking tools leak by Shadow Brokers

    3

    The Shadow Brokers, a group of hackers that have stolen exploits and hacking tools from the National Security Agency (NSA), are now selling some of these tools, which include Windows exploits and antivirus bypass tools, on a website hidden on the ZeroNet network.

    They group that claims to have stolen digital weapons once used by the National Security Agency published a trove of active Microsoft Windows software exploits .

    The claimed misuses being used, alongside a complete rundown of filenames and registries were altogether shared by the confounding gathering the “Shadow Brokers,”

    The newly advertised website claims that, for a total price of 750 BTC (Bitcoins), the buyer can purchase the entire database of hacking tools that The Equation Group used, which are entirely focused on the Windows platform.

     

    In their supposed final message, the ShadowBrokers say they are “making [an] exit” and “going dark”— although an associated bitcoin wallet will remain open for new bids.

    The group claims it will come out of hiding to provide the remaining stolen hacking tools only upon receiving 10,000 bitcoin, or $8.13 million worth of the anonymous currency.

    Those exploits and other hacking tools turned out to be legitimate, and many affected hardware firewalls from vendors such as Cisco, Huawei, and Juniper. The group went on to dump more files in October, which allegedly revealed IP addresses linked to NSA hacking operations.

    Spilled reports portraying another module, named “EventLogEdit,” demonstrate it could be utilized to alter occasion logs, giving the attacker the ability to manipulate digital forensic evidence that would normally show anomalies after an intrusion.

    “EventLogEdit” was likely created and conveyed by a very much resourced and in fact skilled foe, similar to a knowledge benefit, portrayed Michael Zeberlein, executive of insight investigation with Area 1 Security.

    This whole time, The Shadow Brokers have been trying to sell more exploits to those willing to cough up a hefty amount of bitcoin. The group started with an auction and crowd-funded approach, before launching a site to apparently sell exploits one by one directly to customers.

    The group hasn’t had much success. “Bidders have only sent a total of 10 bitcoins ($7,800) to the group, far short of the 10,000 bitcoins ($7,800,500) The Shadow Brokers demanded in exchange for a collection of Linux and Windows hacking tools.”

    Including of  These Security software bypass tools

    Security analyst Jacob Williams has downloaded and examined a progression of screenshots gave by the Shadow Brokers aggregate.

    These screenshots purportedly demonstrate the yield of a few apparatuses that are presently being sold as a component of the Windows Warez accumulation. He explained in His blog ,

    “I downloaded the screenshots published by the Shadow Brokers (which oddly doesn’t include this screenshot).  However, it does include the output of the find command across the dump.  After searching through the directory list output for the string “psp” we find a number of different XML files (among other Python files and others)”

    Based on the output of those tools (embedded below), Williams says that in theory, some of these tools should provide the ability to bypass/exploit some antivirus software, such as Avast, Avira, Comodo, Dr.Web, ESET, Kasperksy, McAfee, Microsoft, Panda, Rising Antivirus, Symantec, and Trend Micro.

     

    3 COMMENTS

    Leave a Reply