Shadow Brokers Dump More Stolen NSA Tools

By MDL on April 18, 2017

On Friday, the hacking group The Shadow Brokers released another batch of files that they say were taken from the NSA. After analyzing the files, security researchers found two key pieces of information that reveal more about how the NSA operates.

  1. Windows Exploits: This info dump included exploit tools that could be used to compromise a variety of Windows systems. The exploits included zero-day vulnerabilities and generally targeted older versions of Windows.
  2. SWIFT Network Breach: Released files indicate that the NSA used exploits to gain information from the SWIFT Service Bureaus and accessed banking data from Middle East financial institutions. SWIFT Service Bureaus manage and facilitate connections between financial institutions around the world through SWIFTNet.

Microsoft released a statement saying that “most of” the vulnerabilities associated with the exploits leaked by the Shadow Brokers had been previously patched in March. The statement was published on the Microsoft TechNet blog on April 14th, only hours after the purported NSA exploits were dumped online by the Shadow Brokers. Microsoft says that “customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk.” A Reuters article quotes a representative of Microsoft as saying, “Other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers.”

SWIFT insists that its infrastructure was not compromised, but in a Threatpost article, a SWIFT representative is quoted as saying, “There is no impact on SWIFT’s infrastructure or data, however we understand that communications between these service bureaus and their customers may previously have been accessed by unauthorized third parties.”

Microsoft’s statement includes a pointed reminder that Microsoft supports “coordinated vulnerability disclosure as the most effective means to ensure customers and the computing ecosystem remains protected.” This part of the statement seems to be a quiet message to the NSA, which did not disclose the zero-day vulnerabilities it discovered, but instead created tools to exploit Windows systems.

Shadow Brokers had previously published a message in January saying that they would be “going dark, making exit” before returning to leak a series of new files throughout the spring. The hacking group released information targeting UNIX-based exploits and vulnerabilities one week before this latest batch of data.

Sources:

  1. Threatpost, “ShadowBrokers Expose NSA Access to SWIFT Service Bureaus”
  2. BBC, “Microsoft patched ‘NSA hack’ Windows flaws before leak”
  3. Microsoft, TechNet, “Protecting customers and evaluating risk”
  4. Wired, “Major Leak Suggests NSA Was Deep in Middle East Banking System”
  5. Reuters, “Hacker documents show NSA tools for breaching global money transfer system”
  6. Reuters, “Hackers release files indicating NSA monitored global bank transfers”