TEHRAN (FNA)- The Shadow Brokers released another cache of cyberweapons linked to the Equation Group, including Windows exploits and attack details for the SWIFT banking system.
A new trove of alleged surveillance tools and exploits from the National Security Agency’s elite hacking team have been released by the Shadow Brokers’ hacking group.
The group Friday appeared to release tools designed to target Windows PCs and servers, along with presentations and files purporting to detail the agency’s methods of carrying out clandestine surveillance.
According to several documents, the NSA used the Windows hacking tools to target several banks, including the SWIFT banking system.
The dump of Windows exploits — arguably affecting the most people and organizations and likely to cause the most damage and embarrassment to the intelligence agency — has been expected since the hacking group first emerged on the scene last year.
In case you missed it, hacking tools that were confirmed to belong to the NSA’s so-called Equation Group were stolen last year in one of the biggest breaches of classified files since the Edward Snowden revelations. These tools, allowed NSA analysts to break into a range of systems, network equipment, and firewalls, and most recently tools to target the Linux operating system — many of which were old and outdated. The group attempted to auction off the files but failed, and have been releasing portions of the stolen files in stages.
Researchers are currently poring over the cache of files.
Several of the files we’ve seen appear to be “top secret” in classification, such as JeepfleaMarket, which appears to utilize the Jeepflea program to collect data on servers at least nine international banks.
The document purports to show the infrastructure behind the system, along with another document, which shows that the NSA has deep access to some networks by exploiting VPN and firewall systems.
It appears that though most of the exploits target older Windows versions, dating back as early as Windows XP and Windows Server 2003, but many supported versions are still on the list, including Windows 7 and Windows 8.
Among the more interesting exploits found in the cache include ExplodingCan, which exploits older versions of Windows’ web server Internet Information Services with a remote backdoor. Security researcher Kevin Beaumont, who examined the exploit, said in a tweet that the tool was “very well” built.
Another exploit, dubbed EmeraldThread, is a remote Windows SMB exploit for Windows XP and 2003.
And while little is known about the so-called OddJob implant, it appears to have exploits for almost every version of Windows 2000 and later, including some server editions, some of which may still work.
Other tools point to several other remote exploits in every version of Windows, according to Hacker Fantastic, a security researcher who has been analyzing the files.
The researcher was able to run many of the exploits found in the cache, according to a tweet.
It’s not known how many of the exploits, if any, are unknown to the manufacturer. These so-called zero-day vulnerabilities are closely guarded secrets to allow analysts to carry out surveillance.
But Beaumont said that some of the tools he examined “may be” previously undisclosed, but they have yet “to be confirmed.”
A Microsoft spokesperson said: “We are reviewing the report and will take the necessary actions to protect our customers.” A spokesperson for the NSA did not return a call Friday.