The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: The Shadow Brokers

Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them

Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them
May 07, 2019Swati Khandelwal
In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA's Equation Group almost a year before the mysterious Shadow Brokers group leaked them. According to a new report published by cybersecurity firm Symantec, a Chinese-linked group, which it calls Buckeye , was using the NSA-linked hacking tools as far back as March 2016, while the Shadow Brokers dumped some of the tools on the Internet in April 2017. Active since at least 2009, Buckeye—also known as APT3, Gothic Panda, UPS Team, and TG-0110—is responsible for a large number of espionage attacks, mainly against defence and critical organizations in the United States. Although Symantec did not explicitly name China in its report, researchers with a high degree of confidence have previously attributed [ 1 , 2 ] Buckeye hacking group to an information security company, called Boyusec, who is working on beh

Ex-NSA Contractor Pleads Guilty to 20-Year-Long Theft of Classified Data

Ex-NSA Contractor Pleads Guilty to 20-Year-Long Theft of Classified Data
March 28, 2019Mohit Kumar
A former National Security Agency contractor—who stole an enormous amount of sensitive information from the agency and then stored it at his home and car for over two decades—today changed his plea to guilty. The theft was labeled as the largest heist of classified government material in America's history. Harold Thomas Martin III, a 54-year-old Navy veteran from Glen Burnie, abused his top-secret security clearances to stole at least 50 terabytes of classified national defense data from government computers over two decades while working for a number of NSA departments between 1996 and 2016. In August 2016, the FBI arrested Martin at his Maryland home and found "six full bankers' boxes" worth of documents, many of which were marked "Secret" and "Top Secret," in his home and car. At the time of his arrest in August 2016, Martin also worked for Booz Allen Hamilton Holding Corp, the same company that previously employed  Edward Snowden  

Turns Out Kaspersky Labs Helped FBI Catch Alleged NSA Leaker

Turns Out Kaspersky Labs Helped FBI Catch Alleged NSA Leaker
January 09, 2019Swati Khandelwal
Remember " The Shadow Brokers " and the arrest of a former NSA contractor accused of stealing 50 Terabytes of top secret documents from the intelligence agency? It turns out that, Kaspersky Lab, which has been banned in US government computers over spying fears, was the one who tipped off the U.S. government and helped the FBI catch NSA contractor Harold T. Martin III , unnamed sources familiar with the investigation told Politico. In October 2016, the U.S. government arrested and charged Martin, 51, with theft of highly classified documents, including most sensitive NSA hacking tools and top-secret information about "national defense," that he siphoned from government computers over the period of two decades. The breach is believed to be the largest heist of classified government material in America's history, far bigger than Edward Snowden leaks . According to the sources, the Antivirus firm learned about Martin after he sent unusual direct messag

Leaked NSA Dump Also Contains Tools Agency Used to Track Other Hackers

Leaked NSA Dump Also Contains Tools Agency Used to Track Other Hackers
March 07, 2018Swati Khandelwal
A years ago when the mysterious hacking group ' The Shadow Brokers ' dumped a massive trove of sensitive data stolen from the US intelligence agency NSA, everyone started looking for secret hacking tools and zero-day exploits . A group of Hungarian security researchers from CrySyS Lab and Ukatemi has now revealed that the NSA dump doesn't just contain zero-day exploits used to take control of targeted systems , but also include a collection of scripts and scanning tools the agency uses to track operations of hackers from other countries. According to a report published today by the Intercept, NSA's specialized team known as Territorial Dispute (TeDi) developed some scripts and scanning tools that help the agency to detect other nation-state hackers on the targeted machines it infects. NSA hackers used these tools to scan targeted systems for 'indicators of compromise' (IoC) in order to protect its own operations from getting exposed, as well as to fin

U.S. Believes Russian Spies Used Kaspersky Antivirus to Steal NSA Secrets

U.S. Believes Russian Spies Used Kaspersky Antivirus to Steal NSA Secrets
October 06, 2017Unknown
Do you know—United States Government has banned federal agencies from using Kaspersky antivirus software over spying fear? Though there's no solid evidence yet available, an article published by WSJ claims  that the Russian state-sponsored hackers stole highly classified NSA documents from a contractor in 2015 with the help of a security program made by Russia-based security firm Kaspersky Lab. Currently, there is no way to independently confirm if the claims on the popular security vendor published by the Wall Street Journal is accurate—and the story does not even prove the involvement of Kaspersky. "As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight," Kaspersky said in a statement. The NSA contractor working with the American intelligence agency, whose identity has not yet been disclosed, reportedly do

Shadow Brokers Leaks Another Windows Hacking Tool Stolen from NSA's Arsenal

Shadow Brokers Leaks Another Windows Hacking Tool Stolen from NSA’s Arsenal
September 08, 2017Swati Khandelwal
The Shadow Brokers , a notorious hacking group that leaked several hacking tools from the NSA, is once again making headlines for releasing another NSA exploit—but only to its "monthly dump service" subscribers. Dubbed UNITEDRAKE , the implant is a "fully extensible remote collection system" that comes with a number of "plug-ins," enabling attackers to remotely take full control over targeted Windows computers. In its latest post, the hacking group announced a few changes to its monthly dump service and released encrypted files from the previous months as well. Notably, the September dump also includes an unencrypted PDF file, which is a user manual for the UNITEDRAKE (United Rake) exploit developed by the NSA. According to the leaked user manual, UNITEDRAKE is a customizable modular malware with the ability to capture webcam and microphone output, log keystrokes, access external drives and more in order to spy on its targets. The tool c

'Shadow Brokers' Threatens to Unmask A Hacker Who Worked With NSA

'Shadow Brokers' Threatens to Unmask A Hacker Who Worked With NSA
June 28, 2017Swati Khandelwal
The Shadow Brokers , a notorious hacking group that leaked US cyberweapons — which were also abused by the recent ransomware disasters WannaCry and Petya or NotPetya — has now threatened to unmask the identity of a former hacker who worked for the NSA. Besides this, the Shadow Brokers group has also doubled the price for its monthly subscription model of NSA's built hacking tools and zero-day exploits from 100 ZEC (Zcash) to 200 ZEC, which is around $64,400 USD. Moreover, the hacking group has also announced a VIP service for people, who will be entertained by the group for their queries on the leaked hacking tools and exploits. To subscribe to the VIP service, one has to make a one-time payment of 400 ZEC (around US$128,800). Last month, the Shadow Brokers announced to release more zero-days exploits and hacking tools  developed by the US spy agency every month from June 2017, but only to private members who will subscribe for receiving exclusive access to the futur

Microsoft Releases Patches for 3 Remaining NSA Windows Exploits

Microsoft Releases Patches for 3 Remaining NSA Windows Exploits
June 14, 2017Mohit Kumar
Did you know… last month's widespread WannaCry ransomware attack forced Microsoft to release security updates against EternalBlue SMB exploit for unsupported versions of Windows, but the company left other three Windows zero-day exploits unpatched? For those unaware, EternalBlue is a Windows SMB flaw that was leaked by the Shadow Brokers in April and then abused by the WannaCry ransomware to infect nearly 300,000 computers in more than 150 countries within just 72 hours on 12th of May. Shortly after WannaCry outbreak, we reported that three unpatched Windows exploits , codenamed " EsteemAudit, " " ExplodingCan ," and " EnglishmanDentist ," were also being exploited by individuals and state-sponsored hackers in the wild. Specially EsteemAudit , one of the dangerous Windows hacking tool that targets remote desktop protocol (RDP) service on Microsoft Windows Server 2003 and Windows XP machines, while ExplodingCan exploits bugs in IIS 6.0 and E

Shadow Brokers Launches 0-Day Exploit Subscriptions for $21,000 Per Month

Shadow Brokers Launches 0-Day Exploit Subscriptions for $21,000 Per Month
May 30, 2017Swati Khandelwal
As promised to release more zero-days exploits and hacking tools for various platforms starting from June 2017, the infamous hacking group Shadow Brokers is back with more information on how to subscribe and become a private member for receiving exclusive access to the future leaks. The Shadow Brokers is the same hacking group who leaked NSA's built Windows hacking tools and zero-day exploits in public that led to the WannaCry menace . When the Shadow Brokers promised its June 2017 release two weeks ago, the group announced that it would sell new zero-day exploits and hacking tools only to the private members with paid monthly subscription, instead of making them public for everyone. How to Become Member of the 'Wine of Month' Club? Now, just a few minutes ago, the hacking collective has released details about how to participate in the monthly subscription model – or the "Wine of Month Club," as the group called it – to get exclusive access to the

Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back With More 0-Days

Shadow Brokers, Who Leaked WannaCry SMB Exploit, Are Back With More 0-Days
May 16, 2017Swati Khandelwal
The infamous hacking collective Shadow Brokers – the one who leaked the Windows SMB exploit in public that led to last weekend's WannaCrypt menace – are back, this time, to cause more damage. In typically broken English, the Shadow Brokers published a fresh statement (with full of frustration) a few hours ago, promising to release more zero-day bugs and exploits for various desktop and mobile platforms starting from June 2017. However, this time the Shadow Brokers leaks will not be available for everybody, as the hacking collective said: "TheShadowBrokers is launching new monthly subscription model. Is being like [the] wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month." To some extent, this is good news, but it is terrible news too. Good because now all these upcoming alleged unpatched vulnerabilities will be patched after being disclosed and terrible because the group will sell new zero-day e

Protect Against WannaCry: Microsoft Issues Patch for Unsupported Windows (XP, Vista, 8,...)

Protect Against WannaCry: Microsoft Issues Patch for Unsupported Windows (XP, Vista, 8,...)
May 13, 2017Mohit Kumar
Update —  After reading this article, if you want to know, what has happened so far in past 4 days and how to protect your computers from WannaCry, read our latest article " WannaCry Ransomware: Everything You Need To Know Immediately . "  In the wake of the largest ransomware attack in the history that had already infected over 114,000 Windows systems worldwide since last 24 hours, Microsoft just took an unusual step to protect its customers with out-of-date computers. Also Read —   Google Researcher Finds Link Between WannaCry Attacks and North Korea . Microsoft has just released an emergency security patch update for all its unsupported version of Windows, including Windows XP, Vista, Windows 8, Server 2003 and 2008 Editions. So, if your organization, for some reason, is still running on Windows XP or Vista, you are strongly advised to download and APPLY PATCH NOW ! WannaCrypt , or also known as WannaCry, is a new ransomware that wreaked havoc across the wo

Turns Out Microsoft Has Already Patched Exploits Leaked By Shadow Brokers

Turns Out Microsoft Has Already Patched Exploits Leaked By Shadow Brokers
April 15, 2017Swati Khandelwal
The latest dump of hacking tools allegedly belonged to the NSA is believed to be the most damaging release by the Shadow Brokers till the date. But after analyzing the disclosed exploits, Microsoft security team says most of the windows vulnerabilities exploited by these hacking tools, including EternalBlue, EternalChampion, EternalSynergy, EternalRomance and others, are already patched in the last month's Patch Tuesday update. " Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products. Customers still running prior versions of these products are encouraged to upgrade to a supported offering, " Microsoft Security Team said in a blog post  published today. On Good Friday, the Shadow Brokers released a massive trove of Windows hacking tools allegedly stolen from NSA that works against almost all versions of Windows, from Windows 2000 and XP to Windows 7 and 8, and their server-side variants such as Serve

Latest Hacking Tools Leak Indicates NSA Was Targeting SWIFT Banking Network

Latest Hacking Tools Leak Indicates NSA Was Targeting SWIFT Banking Network
April 14, 2017Mohit Kumar
Update: Most of the exploits made publicly available (mentioned in this article) by the Shadow Brokers group are already patched by Microsoft in the last month's Patch Tuesday update. So, it is always recommended that you keep your systems up-to-date in order to prevent you from being hacked. The Shadow Brokers – a hackers group that claimed to have stolen a bunch of hacking tools from the NSA – released today more alleged hacking tools and exploits that target earlier versions of Windows operating system, along with evidence that the Intelligence agency also targeted the SWIFT banking system of several banks around the world. Last week, the hacking group released the password for an encrypted cache of Unix exploits , including a remote root zero-day exploit for Solaris OS, and the TOAST framework the group put on auction last summer. The hacking tools belonged to " Equation Group " – an elite cyber attack unit linked to the National Security Agency (NSA).

Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits

Shadow Brokers Group Releases More Stolen NSA Hacking Tools & Exploits
April 08, 2017Mohit Kumar
Remember The Shadow Brokers ? They are back. A hackers group that previously claimed to have stolen a bunch of hacking tools (malware, zero-day exploits, and implants) created by the NSA and gained popularity last year for leaking a portion of those tools is back. Today, The Shadow Brokers group released more alleged hacking tools and exploits that, the group claims, belonged to " Equation Group " – an elite cyber attack unit linked to the NSA. Besides dumping some NSA's hacking tools back in August 2016, the Shadow Brokers also released an encrypted cache of files containing more NSA's hacking tools and exploits in an auction, asking for 1 Million Bitcoins (around $568 Million). However, after failed auction , the group put up those hacking tools and exploits for direct sale on an underground website, categorizing them into a type — like "exploits," "Trojans," and "implant" — each of which ranged from 1 to 100 Bitcoins (fr

Stolen NSA "Windows Hacking Tools" Now Up For Sale!

Stolen NSA "Windows Hacking Tools" Now Up For Sale!
January 10, 2017Mohit Kumar
The Shadow Brokers who previously stole and leaked a portion of the NSA hacking tools and exploits is back with a Bang! The hacking group is now selling another package of hacking tools, " Equation Group Windows Warez ," which includes Windows exploits and antivirus bypass tools, stolen from the NSA-linked hacking unit, The Equation Group. For those unfamiliar with the topic, The Shadow Brokers is a notorious group of black-hat hackers who, in August 2016, leaked exploits, security vulnerabilities, and "powerful espionage tools" created by The Equation Group. On Saturday, the Shadow Brokers posted a message on their ZeroNet based website, announcing the sale of the entire " Windows Warez " collection for 750 Bitcoin (around US$678,630). The data dump contains many windows hacking tools, categorized as following: Fuzzing tools (used to discover errors and security loopholes) Exploit Framework Network Implants Remote Administration Tools (RAT) Remot

After Failed Auction, Shadow Brokers Opens NSA Hacking Tools for Direct Sales

After Failed Auction, Shadow Brokers Opens NSA Hacking Tools for Direct Sales
December 15, 2016Mohit Kumar
Remember The Shadow Brokers? The hacker group that's believed to be behind the high-profile cyber theft of NSA hacking tools and exploits that sparked a larger debate on the Internet concerning abilities of US intelligence agencies and their own security The group put the stolen cyber weapons on auction but received not much response and gone quiet for some time. However, The Shadow Brokers has now appeared to have put up the NSA's hacking tools and exploits for direct sale on an underground website. A newly uncovered site reportedly contains a file signed with the cryptographic key of The Shadow Brokers, suggesting the hacker group has now moved to sell NSA hacking tools directly to buyers one by one, Motherboard reports . On Wednesday, someone going by pseudonym Boceffus Cleetus published a post on Medium, saying that the Shadow Brokers hackers are now selling "NSA tools individually." "The site also lets visitors download a selection of scree
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.