Displaying items by tag: shadow brokers

Details about a spying tool, claimed to be developed by the American NSA and able to reside in a Linux machine in order to steal information, has been reported by Global Times, a Chinese newspaper which has a pro-government tilt.

In what is an unusual turn of events, a Chinese security firm has revealed details about malware that it says emanated from the portals of the US National Security Agency.

The head of security firm Kaspersky's Global Research and Analysis Team, Costin Raiu, says in 2019 more than 70 security companies were given samples of malware that was created by the CIA.

Google has caused an anti-terrorist operation being run by a Western Government which is an ally of the US to be shut down by revealing details about the use of zero-day exploits in the campaign.

A second case of NSA exploits being customised and used for attacks, before they were leaked on the Web by a group known as the Shadow Brokers in 2017, has come to light, this time following research by the Israel-based cyber security firm Check Point Research.

Attackers who claim they are responsible for the supply chain attack on the Texas firm SolarWinds, say they have data from their exploits which they wish to sell.

Whenever FireEye, the cyber security firm that just had its crown jewels compromised, publishes a report on some activity by malicious attackers, it always issues a judgment on where they come from – with high confidence most of the time.

The US National Security Agency says it has no information on the probe into a leak of exploits by a group known as the Shadow Brokers back in 2016. The investigation was reported to have been going on for 15 months in November 2017.

After what seems like an eternity, a security company has dared to mention the unmentionable: the US does have advanced persistent threats or nation-state attack groups which are active.

With the sentencing of former NSA contractor Harold Martin to nine years in prison for taking huge amounts of company data home, the identity of the Shadow Brokers, the group which leaked numerous NSA exploits on the Web three years ago, still remains unknown.

A bog standard attack aimed at planting a cryptocurrency miner has been found to be using advanced targeted attack tools as well, the security firm Trend Micro says, pointing out that this behaviour marks a departure from the norm.

Japanese security firm Trend Micro has found a new Windows malware family that it has named BlackSquid, which uses as many as eight exploits to attack and spread through networks.

The EternalBlue exploit for Windows, crafted by the NSA and leaked online by a group known as the Shadow Brokers, is being increasingly used in exploits two years after it was used to create the WannaCry ransomware, malware that took the world literally by storm.

There are many things that one can say about America's premier spy agency, the NSA, but one can never accuse it of not instilling an incredible degree of loyalty among most of its employees, to the extent that those who left its portals decades ago still carry water for it when someone attacks the agency.

A group, which has been given the name Buckeye, was in possession of, and utilising, NSA exploits well before they were leaked on the Web by the Shadow Brokers, the American security firm Symantec claims.

ANALYSIS Predicting the future is generally a game for mugs but it is possible to say with a high degree of certainty that there will be no details of any American advanced persistent threats or APTs unveiled during Kaspersky Lab's annual Security Analyst Summit that kicks off in Singapore on Monday.

Former NSA contractor Harold Martin, who has been in jail for allegedly taking a massive horde of security material to his house, is set to plead guilty to the charges on Friday (Thursday US time).

Nearly three years after a leak of NSA exploits by a group calling itself the Shadow Brokers disclosed the open secret that the agency keeps knowledge of vulnerabilities to itself, the Australian Signals Directorate, the equivalent agency Down Under, has posted a document indicating that it, too, does not disclose all vulnerabilities it finds, but retains some for offensive purposes.

ANALYSIS Ex-NSA employees are the most likely sources for a yarn that ran in the American website Politico last week, claiming that researchers from Russian security firm Kaspersky Lab had tipped off the NSA that one of its employees, Harold Martin, could be worth investigating, after he allegedly sent Twitter messages to them.

It is somewhat ironic that the director-general of the Australian Signals Directorate, Mike Burgess, has chosen to vent about so-called myths around the new encryption law, when the man himself has been spreading a myth about 5G technology.