Friday, June 13, 2025
HomeSecurity NewsShadow Brokers Leaked NSA Document Contains Sophisticated Hacking Tools to Tracks Other...

Shadow Brokers Leaked NSA Document Contains Sophisticated Hacking Tools to Tracks Other Country Hackers

Published on

SIEM as a Service

Follow Us on Google News

A year ago, a well known hacking group called “Shadow Brokers” Leaked tons of NSA hacking Dump that contains a Zero-day exploit to install the malware on the target machine and compromise it.

Many of the studies and experts have concluded it with Zero day exploits and other most potent tools.

But recent research revealed that leaked documents contain a collection of scripts and scanning tools that used by National Security Agency.

- Advertisement - Google News

Collection of newly discovered tools are used to detect other nation-state hackers on the machines it infects.

In this case, NSA Used those tools to tracking at least 45 different nation-state operations using the Advanced persistent threats.

Hungarians security researchers studied the tools and scripts that was leaked by shadow brokers known as Territorial Dispute, or TeDi.

During this operation, NSA wants to know if foreign spies are in the same machines Because When the NSA hacks machines in Iran, Russia, China, and elsewhere, other hackers can steal NSA tools or spy on NSA activity in the machines.

Also NSA very concern about another hacker that they can also cause the NSA’s own operations to get exposed.

If NSA finds someone in the same machine, they decide to withdraw or proceed with extra caution.

“According to the intelligence source that said to theintercept, “They started to become concerned about sitting on a box with our tools and there being other actors there that could steal or figure out what we were doing”. It was to avoid being detected.
Hungarian researchers took the cryptic names assigned by the NSA to nation-state computer attacks

In this case, None of the advanced threat groups are identified in the NSA scripts by names commonly used for them by the research community — instead, the NSA calls them Sig1, Sig2, etc.

but Hungarian researchers spent a lot more time going through the scripts to try to match them to known malware samples and advanced threat groups.

In at least one case, involving a sophisticated hacking group known as Dark Hotel, believed to be from South Korea and targeting entities in Asia, it appears the NSA may have been tracking some of the group’s tools in 2011, about three years before the broader security community discovered them.theintercept said.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Major Outage Hits Google Cloud and Linked Cloudflare Services, Thousands Affected

On June 12, 2025, concurrent infrastructure failures at Cloudflare and Google caused widespread service...

TokenBreak Exploit Tricks AI Models Using Minimal Input Changes

HiddenLayer’s security research team has uncovered TokenBreak, a novel attack technique that bypasses AI...

WebDAV Remote Code Execution 0-Day Actively Exploited — PoC Released

A critical zero-day vulnerability in Microsoft’s Web Distributed Authoring and Versioning (WebDAV) protocol, tracked...

Cybercriminals Exploiting Expired Discord Invite Links to Deploy Multi-Stage Malware

Recent investigations by Check Point Research have uncovered a sophisticated malware campaign that leverages...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Don’t Click “Unsubscribe” links blindly It May Leads to Loss of Credentials

Imagine your inbox is overflowing with promotional emails—some from familiar companies, others less so....

ConnectWise to Update Code Signing Certificates for ScreenConnect, Automate, and RMM

ConnectWise, a leading provider of remote management and cyber protection tools for managed service...

ESET Details on How to Manage Your Digital Footprint

ESET, a leading cybersecurity firm, has shed light on the intricate nature of digital...