Sunday, July 14, 2024
EHA

Shadow Brokers Leaked NSA Document Contains Sophisticated Hacking Tools to Tracks Other Country Hackers

A year ago, a well known hacking group called “Shadow Brokers” Leaked tons of NSA hacking Dump that contains a Zero-day exploit to install the malware on the target machine and compromise it.

Many of the studies and experts have concluded it with Zero day exploits and other most potent tools.

But recent research revealed that leaked documents contain a collection of scripts and scanning tools that used by National Security Agency.

Collection of newly discovered tools are used to detect other nation-state hackers on the machines it infects.

In this case, NSA Used those tools to tracking at least 45 different nation-state operations using the Advanced persistent threats.

Hungarians security researchers studied the tools and scripts that was leaked by shadow brokers known as Territorial Dispute, or TeDi.

During this operation, NSA wants to know if foreign spies are in the same machines Because When the NSA hacks machines in Iran, Russia, China, and elsewhere, other hackers can steal NSA tools or spy on NSA activity in the machines.

Also NSA very concern about another hacker that they can also cause the NSA’s own operations to get exposed.

If NSA finds someone in the same machine, they decide to withdraw or proceed with extra caution.

“According to the intelligence source that said to theintercept“They started to become concerned about sitting on a box with our tools and there being other actors there that could steal or figure out what we were doing”. It was to avoid being detected.
Hungarian researchers took the cryptic names assigned by the NSA to nation-state computer attacks

In this case, None of the advanced threat groups are identified in the NSA scripts by names commonly used for them by the research community — instead, the NSA calls them Sig1, Sig2, etc.

but Hungarian researchers spent a lot more time going through the scripts to try to match them to known malware samples and advanced threat groups.

In at least one case, involving a sophisticated hacking group known as Dark Hotel, believed to be from South Korea and targeting entities in Asia, it appears the NSA may have been tracking some of the group’s tools in 2011, about three years before the broader security community discovered them.theintercept said.

Website

Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles