Categories: Hacks

Digital Weapons of NSA-linked Microsoft hacking tools leak by Shadow Brokers

The Shadow Brokers, a group of hackers that have stolen exploits and hacking tools from the National Security Agency (NSA), are now selling some of these tools, which include Windows exploits and antivirus bypass tools, on a website hidden on the ZeroNet network.

They group that claims to have stolen digital weapons once used by the National Security Agency published a trove of active Microsoft Windows software exploits .

The claimed misuses being used, alongside a complete rundown of filenames and registries were altogether shared by the confounding gathering the “Shadow Brokers,”

The newly advertised website claims that, for a total price of 750 BTC (Bitcoins), the buyer can purchase the entire database of hacking tools that The Equation Group used, which are entirely focused on the Windows platform.

In their supposed final message, the ShadowBrokers say they are “making [an] exit” and “going dark”— although an associated bitcoin wallet will remain open for new bids.

The group claims it will come out of hiding to provide the remaining stolen hacking tools only upon receiving 10,000 bitcoin, or $8.13 million worth of the anonymous currency.

Those exploits and other hacking tools turned out to be legitimate, and many affected hardware firewalls from vendors such as Cisco, Huawei, and Juniper. The group went on to dump more files in October, which allegedly revealed IP addresses linked to NSA hacking operations.

Spilled reports portraying another module, named “EventLogEdit,” demonstrate it could be utilized to alter occasion logs, giving the attacker the ability to manipulate digital forensic evidence that would normally show anomalies after an intrusion.

“EventLogEdit” was likely created and conveyed by a very much resourced and in fact skilled foe, similar to a knowledge benefit, portrayed Michael Zeberlein, executive of insight investigation with Area 1 Security.

This whole time, The Shadow Brokers have been trying to sell more exploits to those willing to cough up a hefty amount of bitcoin. The group started with an auction and crowd-funded approach, before launching a site to apparently sell exploits one by one directly to customers.

The group hasn’t had much success. “Bidders have only sent a total of 10 bitcoins ($7,800) to the group, far short of the 10,000 bitcoins ($7,800,500) The Shadow Brokers demanded in exchange for a collection of Linux and Windows hacking tools.”

Including of  These Security software bypass tools

Security analyst Jacob Williams has downloaded and examined a progression of screenshots gave by the Shadow Brokers aggregate.

These screenshots purportedly demonstrate the yield of a few apparatuses that are presently being sold as a component of the Windows Warez accumulation. He explained in His blog ,

“I downloaded the screenshots published by the Shadow Brokers (which oddly doesn’t include this screenshot).  However, it does include the output of the find command across the dump.  After searching through the directory list output for the string “psp” we find a number of different XML files (among other Python files and others)”

Based on the output of those tools (embedded below), Williams says that in theory, some of these tools should provide the ability to bypass/exploit some antivirus software, such as Avast, Avira, Comodo, Dr.Web, ESET, Kasperksy, McAfee, Microsoft, Panda, Rising Antivirus, Symantec, and Trend Micro.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

View Comments

  • Prolly easy to have patches ready so fast, if you made the vulnerabilities at the request of the NSA

    who actually knows anymore

Recent Posts

Threat Actors Exploit Google Docs And Weebly Services For Malware Attacks

Phishing attackers used Google Docs to deliver malicious links, bypassing security measures and redirecting victims…

4 hours ago

Python NodeStealer: Targeting Facebook Business Accounts to Harvest Login Credentials

The Python-based NodeStealer, a sophisticated info-stealer, has evolved to target new information and employ advanced…

4 hours ago

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute…

7 hours ago

Meta Removed 2 Million Account Linked to Malicious Activities

 Meta has announced the removal of over 2 million accounts connected to malicious activities, including…

10 hours ago

Veritas Enterprise Vault Vulnerabilities Lets Attackers Execute Arbitrary Code Remotely

Critical security vulnerability has been identified in Veritas Enterprise Vault, a widely-used archiving and content…

11 hours ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing…

12 hours ago