Shadow Brokers Threaten To Reveal Identity Of Ex-NSA Hacker

Group responsible for leaking NSA exploits resurfaces

The mysterious Shadow Brokers hacking group threatened Wednesday to reveal the identity of an alleged former NSA hacker.

In a message posted online, the group – responsible for leaking the NSA exploits which powered the WannaCry and so-called Petya ransomware outbreaks – accused the alleged hacker in broken English of “writing ugly tweet to theshadowbrokers” and of belonging to Equation Group, a highly sophisticated team suspected of being NSA.

The NSA Confronts A Problem Of Its Own Making

Recent cyberattacks show what happens when America’s secret-keepers can’t keep their secrets.

It is hard to imagine more fitting names for code-gone-bad than WannaCry and Eternal Blue. Those are just some of the computer coding vulnerabilities pilfered from the National Security Agency’s super-secret stockpile that have been used in two separate global cyber attacks in recent weeks. An attack on Tuesday featuring Eternal Blue was the second of these to use stolen NSA cyber tools—disrupting everything from radiation monitoring at Chernobyl to shipping operations in India. Fort Meade’s trove of coding weaknesses is designed to give the NSA an edge. Instead, it’s giving the NSA heartburn. And it’s not going away any time soon.

Hackers Working On A Global ‘ExplodingCan’ Cyber Attack

  • The hack targets computers worldwide running on Microsoft Windows 2003
  • It exploits a known flaw in the servers, triggering a buffer overflow
  • This allows hackers to remotely access the computer, and plant ransomware

Experts have warned that a devastating global cyber attack is imminent.

The hack, called ‘ExplodingCan’, targets computers running on Microsoft Windows 2003, which means that it could be used to attack 375,000 computers worldwide.

This puts it in the same risk category as last month’s WannaCry ransomware attack which caused mayhem around the world, crippling vital servers such as those used by the NHS.

Who Are the Shadow Brokers?

What is—and isn’t—known about the mysterious hackers leaking National Security Agency secrets

In 2013, a mysterious group of hackers that calls itself the Shadow Brokers stole a few disks full of National Security Agency secrets. Since last summer, they’ve been dumping these secrets on the internet. They have publicly embarrassed the NSA and damaged its intelligence-gathering capabilities, while at the same time have put sophisticated cyberweapons in the hands of anyone who wants them. They have exposed major vulnerabilities in Cisco routers, Microsoft Windows, and Linux mail servers, forcing those companies and their customers to scramble. And they gave the authors of the WannaCry ransomware the exploit they needed to infect hundreds of thousands of computers worldwide this month.

After the WannaCry outbreak, the Shadow Brokers threatened to release more NSA secrets every month, giving cybercriminals and other governments worldwide even more exploits and hacking tools.

Who are these guys? And how did they steal this information? The short answer is: We don’t know. But we can make some educated guesses based on the material they’ve published.

“ShadowBrokers” Hacking Group Launches Subscription Service Selling Nuclear Secrets

The hacking group known as ‘The Shadow Brokers’ is pushing a monthly subscription service offering members top secret information including “compromised network data” from the nuclear and ballistic missile programs of Russia, China, North Korea and Iran.

https://www.rt.com/viral/388717-shadow-brokers-monthly-subscription/video/

As we have noted in the past, many security experts believe the Equation Group is the National Security Agency, and that the Shadow Brokers may be part of a psychological operations campaign run by Russian intelligence.

Shadow Brokers first emerged last August, offering to auction hacking exploits it said were used by the NSA’s elite hacking team known as Equation Group (officially named Tailored Access Operations). NSA whistleblower Edward Snowden and others confirmed the leak was authentic.

In December, Shadow Brokers cancelled its auction and offered to sell the exploits.

In April, the group released passwords to the rest of the hacking exploits in a move described as a protest against President Donald Trump for abandoning his base.

The release included a Windows SMB [Server Message Block] exploit, EternalBlue, which was leveraged in the recent WannaCry global ransomware attack.

In its Tuesday blog post, the group expressed its surprise that governments or tech companies didn’t bid in its past auctions.

It said it has always been about “the shadowbrokers vs theequation group,” and implied the NSA is a cohort of tech companies like Microsoft.

Another Large-Scale Cyberattack Underway: Experts

A global cybersecurity firm has warned that another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault on computers worldwide.

Another large-scale, stealthy cyberattack is underway on a scale that could dwarf last week’s assault on computers worldwide, a global cybersecurity firm told AFP on Wednesday.

The new attack targets the same vulnerabilities the WannaCry ransomware worm exploited but, rather than freeze files, uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.

Following the detection of the WannaCry attack on Friday, researchers at Proofpoint discovered a new attack linked to WannaCry called Adylkuzz, said Nicolas Godier, a researcher at the computer security firm.

“It uses the hacking tools recently disclosed by the NSA and which have since been fixed by Microsoft in a more stealthy manner and for a different purpose,” he said.

Instead of completely disabling an infected computer by encrypting data and seeking a ransom payment, Adylkuzz uses the machines it infects to “mine” in a background task a virtual currency, Monero, and transfer the money created to the authors of the virus.

Experts Find Cyber Attack Using Adylkuzz, Another NSA Hacking Tool

The world faced a massive ransomware attack using WannaCry, an NSA hacking tool last week, which affected 150 countries.

While investigating the WannaCry attack, experts found another ongoing cyber attack. The cybersecurity firm Proofpoint said the newly discovered attack, using Adylkuzz, is a lot quieter than WannaCry, but “has likely generated millions of dollars in cryptocurrency for the unknown attackers.” ABC News continued:

According to Ryan Kalember, the senior vice president for cybersecurity at Proofpoint, the attack employed the same hacking tools developed by the U.S. National Security Agency (NSA) and leaked to the public by the hacker group Shadow Brokers in April to exploit vulnerabilities in the Microsoft Windows operating system.

“I would say the real-world impact of this attack is going to be more substantial than WannaCry,” Kalember told ABC News. “Ransomware is painful, but you can restore operations relatively quickly. Here, you have a huge amount of money landing in some bad people’s hands. That has geopolitical consequences.”

The firm reported it found attacks from Adylkuzz “dating back to May 2, which would predate the WannaCry attacks, making Adylkuzz the first known widespread use of the leaked NSA hacking tools.” Again, no one noticed this attack “because its impact on users is far less noticeable than ransomware.” ABC News continued:

“It takes over your computer, but you probably don’t notice anything other than that the system runs really slow,” Kalember said. “Your computer might be mining cryptocurrency for some very bad people.”

Proofpoint described why the attackers used Adylkuzz:

In this attack, Adylkuzz is being used to mine Monero cryptocurrency. Similar to Bitcoin but with enhanced anonymity capabilities, Monero recently saw a surge in activity after it was adopted by the AlphaBay darknet market, described by law enforcement authorities as “a major underground website known to sell drugs, stolen credit cards and counterfeit items.” Like other cryptocurrencies, Monero increases market capitalization through the process of mining. This process is computationally intensive but rewards miners with funds in the mined currency, currently 7.58 Moneros or roughly $205 at current exchange rates.

Figure 3 shows Adylkuzz mining Monero cryptocurrency, a process that can be more easily distributed across a botnet like that created here than in the case of Bitcoin, which now generally requires dedicated, high-performance machines.

No one knows the attackers behind this attack, but Kalember stated that the “North Korean-backed Lazarus Group – the same hacker group linked to the WannaCry attacks – launched a similar cryptocurrency mining attack in late 2016.”

Microsoft produced patches for PCs “to address the vulnerability exploited by both WannaCry and Adylkuzz.” Proofpoint warned that PCs already infected in the attacks can remain compromised even after the patches are installed. The firm nevertheless encouraged everyone to download the patches.

Source: Experts Find Cyber Attack Using Adylkuzz, Another NSA Hacking Tool
