The Shadow Brokers, a hacking group famous for its cyber shenanigans, has struck again. Yesterday, the group dumped online a huge list of hacking tools and techniques used by the US National Security Agency (NSA) to target the global banking system and Windows users around the world.
The Million Dollar List
According to several security analysts, the list leaked by the hacking group could have been sold for over $2 million on the black market. Instead, the group chose to simply dump the list online and make it publicly available.
The list consists of several hacking tools and exploits allegedly made by the US National Security Agency (NSA). It includes Easybee-1.0.1.exe, Darkpulsar-1.1.0.exe and Mofconfig-1.0.0.exe, as well as several zero-day exploits such as Erraticgopher-1.0.1.exe and Esteemaudit-2.1.0.exe, among others.
Experts are describing it as the biggest exposure of NSA files since Edward Snowden's leaks in 2013.
Mother of All Exploits
Edward Snowden has described this leak as “The mother of all exploits” as it covers a wide range of security flaws affecting thousands of targets. Some of the flaws these exploits target have already been patched by security experts. However, some security flaws are yet to be dealt with, which only shows the list's significance!
Nice catch: 2013 archive confirms #NSA hacked the EU's SWIFT network, violating data-sharing agreement. Any comment yet from EU? https://t.co/p86jgSqtj8
— Edward Snowden (@Snowden) April 14, 2017
Affected parties
According to reports, one of the targeted parties was SWIFT, a global banking network. A document leaked with the list indicates that SWIFT was being targeted by the NSA and that at least one major bureau, Eastnets, may have been affected.
Matt Suiche, founder of Comae Technologies, told the media:
“If you hack the service bureau, it means that you also have access to all of their clients, all of the banks,”
Furthermore, the list included several implants which were used by customers of Eastnets located in Kuwait, Dubai, Bahrain, Jordan, Yemen and Qatar. The document accompanying the list shows proof of a breach of the Eastnets network. However, Eastnets denies the allegation of a possible security breach.
https://twitter.com/msuiche/status/852844265264865280
An Eastnets official told the media:
“The reports of an alleged hacker-compromised EastNets Service Bureau Network is totally false and unfounded. The EastNets Network Internal Security Unit has run a complete check of its servers and found no hacker compromise or any vulnerabilities.”
A security researcher from Tenable suggested that “the US government had the capability to monitor, if not disrupt, financial transactions to terrorist groups.”
Watch out, Windows users
The list also includes numerous zero-day exploits used to target Windows users. Some of the vulnerabilities have already been dealt with by security experts. However, there could still be some unpatched flaws!
After analyzing the exploits, security researchers suggested that they could not be used to target the latest version of Windows 10. However, older versions could be affected.
More to come
This is not the first time that the Shadow Brokers have dropped a bomb on the reputation of the NSA, and we can safely assume that it will not be the last. It looks like the NSA is the hacking group's favorite target, and we might get to see more of the same pretty soon.
Here is a video showing ETERNALBLUE being used to compromise a Windows 2008 R2 SP1 x64 host in under 120 seconds with FUZZBUNCH #0day ;-) pic.twitter.com/I9aUF530fU
— hackerfantastic.crypto (@hackerfantastic) April 14, 2017
The files are mirrored on GitHub.