Chinese researchers accuse NSA of being behind a powerful exploit

A Chinese cybersecurity firm released a report Wednesday that revealed a decade-old exploit allegedly created by a covert hacking group associated with the U.S. National Security Agency. The report is the first time that a Chinese cybersecurity firm has both attributed a cyberattack to a U.S. hacking group and included technical indicators of compromise. “It’s a completely different type of report here that seems to mimic Western name-and-shame,” said Winnona DeSombre, fellow at the Atlantic Council and Harvard’s Belfer Center. Pangu Lab researchers said they first discovered the backdoor in 2013 during an “in-depth forensic investigation of a host in a key domestic department.” The researchers were later able to tie it to “The Equation Group,” a group of hackers said to be affiliated with the NSA, after NSA documents leaked by a group known as “The Shadow Brokers” published hacking files that allegedly belonged to the […]

The post Chinese researchers accuse NSA of being behind a powerful exploit appeared first on CyberScoop.

Chinese hackers stole another NSA-linked hacking tool, research finds

The U.S. intelligence community was rocked in 2017 when a group of mysterious hackers known as the Shadow Brokers leaked a trove of National Security Agency hacking tools for public consumption. The exact identity of the leakers remains unknown to this day. According to a growing body of security research, though, hackers with suspected links to the Chinese government may have had access to some of the same tools before they were published, and the Shadow Brokers may not be the only thieves the U.S. intelligence community has to worry about. According to new research from Israeli security firm Check Point published Monday, a group of Chinese hackers known as APT31 appears to have copied an exploit developed by Equation Group, a hacking group broadly believed to be associated with the NSA, more than two years before the Shadow Brokers leaked the trove of NSA tools. The exploit, which Check […]

A discovered malware sample uses code from the NSA and a Chinese hacking group

Good hackers steal, great hackers borrow. According to new research from ESET, a code obfuscation tool that’s been linked to Chinese-based hackers has been used in tandem with an implant that has been attributed to Equation Group, a hacking faction that is broadly believed to have ties to the National Security Agency. ESET says the obfuscation tool is linked with Winnti Group, while the implant, known as PeddleCheap, appeared in an April 2017 leak from the mysterious group known as the Shadow Brokers. It’s unclear if the sample was used in a malicious campaign or if it’s the product of a security researcher experimenting with different tools, according to Marc-Étienne Léveillé, a malware researcher at ESET. It was uploaded to malware-sharing repository VirusTotal in 2017, according to Léveillé. The Winnti-linked packer was used in a series of intrusions at gaming organizations in 2018, which ESET has previously documented. ESET published its findings […]

Shadow Brokers data dump tipped researchers off to a mysterious APT dubbed DarkUniverse

Clues about a hacking group that carried out attacks against targets in countries including Syria, Iran and Russia were included in files leaked by a mysterious group known as the Shadow Brokers, according to new findings. Researchers from the security vendor Kaspersky published a report Tuesday detailing an advanced persistent threat (APT) group the company has dubbed DarkUniverse. Documents published in 2017 by the Shadow Brokers — an elusive group that publicly disseminated NSA hacking tools — included a script that checked for other hacking groups lurking in a compromised system. DarkUniverse was among the groups the script could check for. The DarkUniverse group hit victims in Afghanistan, Tanzania, Ethiopia, Belarus and the United Arab Emirates, along with more common targets like Russia, Iran and Syria. All told, the APT group breached “around” 20 victims ranging from military agencies to private sector organizations like telecommunication firms and medical institutions. “We believe […]

DarkUniverse – the mysterious APT framework #27

The well-known ‘Lost in Translation’ leak, among other things, contained an interesting script that checked for traces of other APTs in the compromised system. In 2018, we found an APT described as the 27th function of this script, which we call ‘DarkUniverse’.

How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory.

A Chinese hacking group that has been using tools linked with the National Security Agency might have obtained at least one without breaching NSA systems, according to researchers at cybersecurity company Check Point. The Chinese hacking group APT3, which somehow had in its possession an NSA-linked tool in advance of public leaks in 2016 and 2017, appears to have acquired it by analyzing network traffic on a system that was potentially targeted by the NSA, Check Point says. The theory is that after observing the exploit in the wild, APT3 incorporated it into its own arsenal of attacks with some tweaks, the researchers say. “Check Point learned that the Chinese group was monitoring in-house machines that were compromised by the NSA, capturing the traffic of the attack and was leveraging it to reverse engineer the software vulnerabilities,” the researchers write. Check Point acknowledges that it “can’t prove this beyond any doubt.” The company says it does not know for sure […]

Former NSA contractor sentenced to 9 years for theft of government info

Former NSA contractor Harold T. Martin was sentenced Friday to 9 years in prison for his role in a massive theft of classified documents. Martin was responsible for one of the largest leaks of U.S. government secrets, after it was found that the former NSA contractor possessed up to 50 terabytes of classified government documents he collected over the course of two decades. Judge Richard Bennett’s sentence falls short of the maximum number of years Martin previously faced — 10 years for each of the 20 counts against him — for unauthorized and willful retention of national defense information. However, the sentence aligns with the plea agreement his public defenders reached with the U.S. government. The U.S. attorneys said his theft called for “significant” prison time, according to the government’s sentencing memorandum, which CyberScoop obtained. “The exceptionally grave nature and circumstances of the defendant’s criminal conduct call for a significant […]

Baltimore city ransomware attack is powered by stolen NSA hacking tool

By Uzair Amir
This time the hacking tool being used is EternalBlue. The New York Times has reported that the recent ransomware attacks in major US cities, specifically Baltimore, are closely linked because the key component in all t…

Chinese Spies Stole NSA Cyberweapons Long Before Shadow Brokers Leak

Forensic analysis shows a Chinese APT using Equation Group hacking tools at least a year before Shadow Brokers dumped its cache in April 2017.