Shadow Brokers grow increasingly aggressive, threaten to dox former U.S. spy

Just 24 hours after a malicious worm infected thousands of computers across Europe, the now infamous Shadow Brokers group published a message celebrating the chaos, advertised a vague new “VIP service” and threatened an unnamed former NSA official for “writing ugly tweets.” In a post on social media publishing site Steemit, the group also hinted at being in possession of FBI hacking tools. Until Wednesday, it was largely believed that only NSA-linked exploits had been published by the group. The Shadow Brokers described a former NSA official “as a doctor living in Hawaii that owns a security company.” The group threatened to publish this person’s personal information — a practice known as “doxxing” — including their operational history at NSA. The person’s record included missions targeting Chinese nationals, the Shadow Brokers said. “TheShadowBrokers is thinking ‘doctor’ person is former EquationGroup developer who built many tools and hacked organization in China,” the blog […]

The post Shadow Brokers grow increasingly aggressive, threaten to dox former U.S. spy appeared first on Cyberscoop.


Global ransomware outbreak spread in part due to NSA-linked hacking tool

A growing number of cybersecurity firms, including BitDefender, Kaspersky Lab and Symantec, along with a cohort of independent cybersecurity researchers, say that the quickly spreading ransomware variant, known as Petya, is proliferating in part due to two previously leaked NSA hacking tools, codenamed EternalBlue and EternalRomance. This is not the first time in recent months that hackers have combined leaked NSA computer code with ransomware to make their attacks more potent. Researchers disagree on how to define the quickly spreading malware, with various security experts calling the ransomware a variant of Petya, or GoldenEye, and others describing it as an entirely different computer virus. Regardless, commonalities do exist, and incidents involving what appears to be the same “Petya” ransomware were reported Tuesday across most of Europe. Petya is believed to be more complex than a similar recent attack known as WannaCry, which was also powered by EternalBlue, although in a slightly different fashion. […]

The post Global ransomware outbreak spread in part due to NSA-linked hacking tool appeared first on Cyberscoop.

Say Goodbye to SMBv1 in Windows Fall Creators Update

The SMBv1 file-sharing protocol abused by the NSA’s EternalBlue exploit to spread WannaCry ransomware is being disabled in the upcoming Windows Fall Creators Update, or Redstone 3.

Attackers Mining Cryptocurrency Using Exploits for Samba Vulnerability

Kaspersky Lab said it has seen some of the first exploits targeting a patched Samba vulnerability, and those are being used to mine Monero cryptocurrency.

Windows 10 Mitigations Make Future EternalBlue Attacks Difficult

Now that researchers have built a port of EternalBlue to Windows 10, they’ve probably only now caught up to what the NSA has had for a long while.

NSA’s EternalBlue Exploit Ported to Windows 10

Researchers have ported the EternalBlue exploit to Windows 10, meaning that any unpatched version of Windows can be affected by the NSA attack.

Threatpost News Wrap, June 2, 2017

Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week’s Samba vulnerability, and the OneLogin breach.

WikiLeaks Dumps CIA Patient Zero Windows Implant

Pandemic is a Windows implant built by the CIA that turns file servers into Patient Zero on a local network, infecting machines requesting files with Trojanized replacements.