Attackers who claim they are responsible for the supply chain attack on the Texas firm SolarWinds say they have data from their exploits which they wish to sell.
Whenever FireEye, the cyber security firm that just had its crown jewels compromised, publishes a report on some activity by malicious attackers, it always issues a judgment on where they come from – with high confidence most of the time.
The US National Security Agency says it has no information on the probe into a leak of exploits by a group known as the Shadow Brokers back in 2016. The investigation was reported to have been going on for 15 months in November 2017.
After what seems like an eternity, a security company has dared to mention the unmentionable: the US does have advanced persistent threats or nation-state attack groups which are active.
With the sentencing of former NSA contractor Harold Martin to nine years in prison for taking huge amounts of company data home, the identity of the Shadow Brokers, the group which leaked numerous NSA exploits on the Web three years ago, still remains unknown.
A bog standard attack aimed at planting a cryptocurrency miner has been found to be using advanced targeted attack tools as well, the security firm Trend Micro says, pointing out that this behaviour marks a departure from the norm.
Japanese security firm Trend Micro has found a new Windows malware family that it has named BlackSquid, which uses as many as eight exploits to attack and spread through networks.
The EternalBlue exploit for Windows, crafted by the NSA and leaked online by a group known as the Shadow Brokers, is being increasingly used in exploits two years after it was used to create the WannaCry ransomware, malware that took the world literally by storm.
There are many things that one can say about America's premier spy agency, the NSA, but one can never accuse it of not instilling an incredible degree of loyalty among most of its employees, to the extent that those who left its portals decades ago still carry water for it when someone attacks the agency.
A group, which has been given the name Buckeye, was in possession of, and utilising, NSA exploits well before they were leaked on the Web by the Shadow Brokers, the American security firm Symantec claims.
ANALYSIS Predicting the future is generally a game for mugs but it is possible to say with a high degree of certainty that there will be no details of any American advanced persistent threats or APTs unveiled during Kaspersky Lab's annual Security Analyst Summit that kicks off in Singapore on Monday.
Former NSA contractor Harold Martin, who has been in jail for allegedly taking a massive hoard of security material to his house, is set to plead guilty to the charges on Friday (Thursday US time).
Nearly three years after a leak of NSA exploits by a group calling itself the Shadow Brokers disclosed the open secret that the agency keeps knowledge of vulnerabilities to itself, the Australian Signals Directorate, the equivalent agency Down Under, has posted a document indicating that it, too, does not disclose all vulnerabilities it finds, but retains some for offensive purposes.
ANALYSIS Ex-NSA employees are the most likely sources for a yarn that ran in the American website Politico last week, claiming that researchers from Russian security firm Kaspersky Lab had tipped off the NSA that one of its employees, Harold Martin, could be worth investigating, after he allegedly sent Twitter messages to them.
It is somewhat ironic that the director-general of the Australian Signals Directorate, Mike Burgess, has chosen to vent about so-called myths around the new encryption law, when the man himself has been spreading a myth about 5G technology.
It has taken just three days for the Bloomberg claims about China spying on US firms through the implant of chips on server mainboards sold by the US firm, Supermicro, to lose most of their sheen.
A former member of the NSA's elite Tailored Access Operations unit has been sentenced to 5½ years in jail, followed by three years of supervised release, for what the US Justice Department has characterised as "willful retention of classified national defence information".
A newly discovered threat actor or advanced persistent threat that is targeting government and private sector organisations in the Middle East is using NSA exploits leaked by the Shadow Brokers in April last year as part of its arsenal of threats, the security firm Symantec claims.
The US Justice Department's indictment of 12 Russians for alleged hacking offences connected to the 2016 US presidential election on Friday has got at least one ex-NSA hacker fearing a reprisal.
A group of researchers from University College London, who have completed a study on the privacy-focused digital currency Zcash, may have provided a means of finding out who received payment for NSA exploits that were put on sale by a group known as the Shadow Brokers.