Thursday, March 28, 2024

Shadow Brokers Leaked NSA Document Contains Sophisticated Hacking Tools to Tracks Other Country Hackers

A year ago, a well known hacking group called “Shadow Brokers” Leaked tons of NSA hacking Dump that contains a Zero-day exploit to install the malware on the target machine and compromise it.

Many of the studies and experts have concluded it with Zero day exploits and other most potent tools.

But recent research revealed that leaked documents contain a collection of scripts and scanning tools that used by National Security Agency.

Collection of newly discovered tools are used to detect other nation-state hackers on the machines it infects.

In this case, NSA Used those tools to tracking at least 45 different nation-state operations using the Advanced persistent threats.

Hungarians security researchers studied the tools and scripts that was leaked by shadow brokers known as Territorial Dispute, or TeDi.

During this operation, NSA wants to know if foreign spies are in the same machines Because When the NSA hacks machines in Iran, Russia, China, and elsewhere, other hackers can steal NSA tools or spy on NSA activity in the machines.

Also NSA very concern about another hacker that they can also cause the NSA’s own operations to get exposed.

If NSA finds someone in the same machine, they decide to withdraw or proceed with extra caution.

“According to the intelligence source that said to theintercept, “They started to become concerned about sitting on a box with our tools and there being other actors there that could steal or figure out what we were doing”. It was to avoid being detected.
Hungarian researchers took the cryptic names assigned by the NSA to nation-state computer attacks

In this case, None of the advanced threat groups are identified in the NSA scripts by names commonly used for them by the research community — instead, the NSA calls them Sig1, Sig2, etc.

but Hungarian researchers spent a lot more time going through the scripts to try to match them to known malware samples and advanced threat groups.

In at least one case, involving a sophisticated hacking group known as Dark Hotel, believed to be from South Korea and targeting entities in Asia, it appears the NSA may have been tracking some of the group’s tools in 2011, about three years before the broader security community discovered them.theintercept said.

Website

Latest articles

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers

A critical vulnerability in Ray, an open-source AI framework that is widely utilized across...

Chinese Hackers Attacking Southeast Asian Nations With Malware Packages

Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two...

CISA Warns of Hackers Exploiting Microsoft SharePoint Server Vulnerability

Cybersecurity and Infrastructure Security Agency (CISA) has warned about a critical vulnerability in Microsoft...

Microsoft Expands Edge Bounty Program to Include WebView2!

Microsoft announced that Microsoft Edge WebView2 eligibility and specific out-of-scope information are now included...

Beware of Free Android VPN Apps that Turn Your Device into Proxies

Cybersecurity experts have uncovered a cluster of Android VPN applications that covertly transform user...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles