Chinese hackers found and repurposed elite NSA-linked tools

A hacking group with ties to Chinese intelligence has been using tools linked to the National Security Agency as far back as March 2016, according to research from security firm Symantec. The tools include some released by the Shadow Brokers, a mysterious group that dumped computer exploits once used by the NSA on the open internet in April 2017. Symantec’s research suggests that the Chinese-linked group, which the company calls “Buckeye,” was using the same NSA-linked tools at least a year before they were publicly leaked. According to Symantec, one of the tools used by Buckeye was DoublePulsar, a backdoor implant that allows attackers to stealthily collect information and run malicious code on a target’s machine. DoublePulsar was used in conjunction with another tool, which Symantec calls Trojan.Bemstour, that took advantage of various Microsoft Windows vulnerabilities in order to secretly siphon information off targeted computers. The Trojan.Bemstour exploit allowed attackers […]

The post Chinese hackers found and repurposed elite NSA-linked tools appeared first on CyberScoop.

How companies – and the hackers themselves – could respond to the OilRig leak

In the last few weeks, hacking tools apparently used by a prolific Iran-linked group have been publicly leaked, exposing the hackers’ malicious code, the IP addresses of their servers, and their alleged victims. An unknown person or group began dumping the information last month via Telegram, and has since doxed alleged members of the group known to the cybersecurity community as OilRig, APT34, or Helix Kitten. Whoever is behind the Telegram channel claimed to expose the “names of the cruel managers” behind OilRig, and pointed the finger at the Iranian intelligence ministry. While the ties of those individuals to OilRig have not been confirmed, a remote-access trojan and other tools, which have since been posted to GitHub, are authentic and employed by the group, researchers tell CyberScoop. They have been used in a series of hacking campaigns in recent years that industry analysts say align with the interests of the […]

The post How companies – and the hackers themselves – could respond to the OilRig leak appeared first on CyberScoop.

Ex-NSA contractor pleads guilty to vast classified data leak, faces 9 years in prison

A former National Security Agency contractor accused of one of the largest breaches of classified data in U.S. history pleaded guilty Thursday to one felony count and faces over six more years in federal prison. Appearing solemn and weary in federal court in Baltimore, Harold T. Martin III, 54, seemed to embrace his fate, telling the judge more than once, “It’s time [to] close Pandora’s Box.” Martin, who worked as an intelligence contractor for multiple firms for over two decades, allegedly stole some 50 terabytes of data that included details of sensitive NSA policies and cyber operations. Prosecutors said he stashed numerous computers and storage devices with classified data on his Maryland property. Under the plea deal, Martin, a former Navy lieutenant, faces nine years in prison and another three years of supervised release. He will be credited for the more than two years he has already served in custody […]

The post Ex-NSA contractor pleads guilty to vast classified data leak, faces 9 years in prison appeared first on CyberScoop.

Ex-NSA contractor set to plead guilty for theft of top secret information

A former National Security Agency contractor accused of perhaps the largest theft of government secrets in U.S. history is expected to plead guilty Thursday in federal court, according to court records. Harold T. Martin III has been charged with 20 counts of unauthorized and willful retention of national defense information in 2017. His trial was scheduled to start in June, but a rearraignment — a hearing held when a defendant is changing a plea — has been scheduled for 3 p.m. Thursday in Baltimore, Maryland. Martin, a former Navy officer turned defense contractor, was indicted for allegedly stealing and hoarding secret documents that outline U.S. hacking operations. Martin worked in a supporting role for multiple intelligence agencies — including the NSA and the Office of the Director of National Intelligence — during his employment at several different federal consulting firms. Investigators found over the course of their investigation that Martin had removed […]

The post Ex-NSA contractor set to plead guilty for theft of top secret information appeared first on CyberScoop.

Hal Martin’s defense says prosecutors have yet to provide essential evidence

Attorneys for Harold T. Martin III, the former U.S. National Security Agency contractor accused of perhaps the largest theft of government secrets in American history, said in a court filing that government prosecutors have not allowed access to evidence necessary to mount a sufficient defense. Public defenders, in a document made public Tuesday, renewed their request in a Maryland federal court for an order requiring prosecutors to produce copies of the material confiscated from Martin in 2016. The defense seeks duplicates of the hard drives of the seized devices as well as copies of whatever computers the NSA used to create a database of the information that it seized. The request was made Nov. 13, 2018. The U.S. District Court for the District of Maryland had ordered the defense on Aug. 17, 2018 to have “meaningful access” to the material in question, according to the filing. The defense says in the new filing the […]

The post Hal Martin’s defense says prosecutors have yet to provide essential evidence appeared first on CyberScoop.

NSA staffer takes top-secret hacking tools home ‘to study’, gets 66 months

Nghia Hoang Pho may not have had malicious intent, but removal of the materials forced the NSA to abandon years of signals collection work.

Cryptocurrency Transactions May Uncover Sales of Shadow Broker Hacking Tools

Even though the Shadow Brokers told customers to use privacy-focused cryptocurrency Zcash, researchers may have found clues pointing to who tried to buy more of the group’s wares.