Wednesday, February 21, 2024

Shadow Brokers Leaked NSA Document Contains Sophisticated Hacking Tools to Tracks Other Country Hackers

A year ago, a well known hacking group called “Shadow Brokers” Leaked tons of NSA hacking Dump that contains a Zero-day exploit to install the malware on the target machine and compromise it.

Many of the studies and experts have concluded it with Zero day exploits and other most potent tools.

But recent research revealed that leaked documents contain a collection of scripts and scanning tools that used by National Security Agency.

Collection of newly discovered tools are used to detect other nation-state hackers on the machines it infects.

In this case, NSA Used those tools to tracking at least 45 different nation-state operations using the Advanced persistent threats.

Hungarians security researchers studied the tools and scripts that was leaked by shadow brokers known as Territorial Dispute, or TeDi.

During this operation, NSA wants to know if foreign spies are in the same machines Because When the NSA hacks machines in Iran, Russia, China, and elsewhere, other hackers can steal NSA tools or spy on NSA activity in the machines.

Also NSA very concern about another hacker that they can also cause the NSA’s own operations to get exposed.

If NSA finds someone in the same machine, they decide to withdraw or proceed with extra caution.

“According to the intelligence source that said to theintercept“They started to become concerned about sitting on a box with our tools and there being other actors there that could steal or figure out what we were doing”. It was to avoid being detected.
Hungarian researchers took the cryptic names assigned by the NSA to nation-state computer attacks

In this case, None of the advanced threat groups are identified in the NSA scripts by names commonly used for them by the research community — instead, the NSA calls them Sig1, Sig2, etc.

but Hungarian researchers spent a lot more time going through the scripts to try to match them to known malware samples and advanced threat groups.

In at least one case, involving a sophisticated hacking group known as Dark Hotel, believed to be from South Korea and targeting entities in Asia, it appears the NSA may have been tracking some of the group’s tools in 2011, about three years before the broader security community discovered them.theintercept said.

Website

Latest articles

Beware of VietCredCare Malware that Steals businesses’ Facebook Accounts

A new cybersecurity threat targeting Facebook advertisers in Vietnam, known as VietCredCare, has emerged....

Google Chrome 122 Update Addresses Critical Security Vulnerabilities

Google has recently unveiled Chrome 122, a significant milestone for the widely used web...

New Malicious PyPI Packages Use DLL Sideloading In A Supply Chain Attack

Researchers have discovered that threat actors have been using open-source platforms and codes for...

New Mingo Malware Attacking Linux Redis Servers To Mine Cryptocurrency

The malware, termed Migo by the creators, attempts to infiltrate Redis servers to mine cryptocurrency on...

Security Onion 2.4.50 Released for Defenders With New Features

Security Onion Solutions has recently rolled out the latest version of its network security...

VMware Urges to Remove Enhanced EAP Plugin to Stop Auth & Session Hijack Attacks

VMware has issued an urgent advisory to administrators to remove a deprecated authentication plugin...

LockBit Ransomware Members Charged by Authorities, Free Decryptor Released

In a significant blow to one of the most prolific ransomware operations, authorities from...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles