The Shadow Brokers need no introduction. The same can be said for the batch of stolen files the Shadow Brokers recently set loose. And naturally, the stolen files made their rounds across the internet. As with many things in this sector, it took no time before the darknet started crawling with both the files and communities—new and old—centered around the collection of hacking tools and zero-day exploits.
According to an analyst team at SenseCy, a cyber intelligence group, some underground hacking communities have hit their highest point of activity yet. Not only because these hacking tools proved themselves among the most powerful released to date, but because of a spike in interest as well. This should come as little surprise; every time the Shadow Brokers surfaced in the news, even the mainstream media took notice.
As we have written about in the past, Russian-language hidden-service forums routinely come off as the most brazen of them all. SenseCy analysts reported seeing such forums buzzing with activity. “For example, a moderator of one of the forums uploaded the entire leak (more than 6,000 files) to the private server of a closed forum called Kickass, for the use of the community,” the SenseCy blog explained.
Tutorials for using some of the files, the ones packaged as readily deployable tools, appeared on the clearnet and darknet the very same day as the data dump. Analysts at the Israel-based cyber intelligence firm revealed that the Equation Group's self-developed framework attracted serious interest. (The Equation Group's self-developed framework or the National Security Administration‘s; at this point, the connection between the two, or lack thereof, means very little.) CyberScoop compared the Equation Group's framework to Metasploit, a renowned penetration testing framework.
Both Russian and Chinese forums displayed a particular interest in a Microsoft Windows SMB exploit. The exploit, dubbed ETERNALBLUE, developed a reputation as one of the most powerful exploits ever released. “Hackers [have] shared the leaked [NSA] information on various platforms, including explanations [for how to use the tools] published by Russian-language blogs,” SenseCy Director Gilles Perez told CyberScoop. “We identified [one] discussion dealing with the SMB exploit [ETERNALBLUE], where hackers expressed interest in its exploitation and shared instructions on how to do so.”
Microsoft patched the underlying vulnerability in a March security update. But “Actors were focused on the unique trigger point for [ETERNALBLUE] and some claimed that the patches for CVE-2017-0143 through -0148 were insufficient because they did not address the base code weaknesses,” analysts at the cyber intelligence firm Recorded Future wrote.
We have seen this type of behavior in the past, albeit with less capable and less devastating tools. Usually we see new variations of various banking trojans or ransomware kits. One thing is certain: this type of software will almost always find a home on darknet forums. Given that many of the tools came in the form of zero-day exploits and the Shadow Brokers released 6,000 or more of these files to the public, a new wave of attacks is imminent.
TheBitcoinNews.com – Bitcoin News source since June 2011 –