{"id":7352,"date":"2017-04-14T11:10:02","date_gmt":"2017-04-14T19:10:02","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/04\/14\/news-1143\/"},"modified":"2017-04-14T11:10:02","modified_gmt":"2017-04-14T19:10:02","slug":"news-1143","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/04\/14\/news-1143\/","title":{"rendered":"ShadowBrokers releases more stolen information"},"content":{"rendered":"<p><strong>Credit to Author: Adam McNeil| Date: Fri, 14 Apr 2017 18:03:09 +0000<\/strong><\/p>\n<p>ShadowBrokers shocked the security world again today by releasing another cache of exploits, files, and operational documents purportedly stolen from Equation Group last summer.\u00a0 As you may recall from our <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/04\/shadowbrokers-fails-to-collect-1m-bitcoins-releases-stolen-information\/\">earlier publications<\/a>, Equation Group is reportedly a clandestine hacking group that has been linked with NSA hacking tools.<\/p>\n<p>The dump of information released today contains a number of exploits and Windows binary files that were not seen with the previous collection of information.\u00a0 While the \u2018Auction\u2019 file may have contained obsolete exploits and information, this new release appears to contain much more recent and current data including 0-Day exploits.\u00a0 While we haven\u2019t had time to fully review the information, Twitter user <a href=\"https:\/\/twitter.com\/hackerfantastic\/status\/852915886650527744\">HackerFantastic<\/a> has already reported a successful 0-day exploit on Windows 2008 Server.<\/p>\n<div id=\"attachment_17526\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-17526 size-large\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/04\/ShadowBrokerNew1-600x438.jpg\" alt=\"\" width=\"600\" height=\"438\" 
srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/04\/ShadowBrokerNew1-600x438.jpg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/04\/ShadowBrokerNew1-300x219.jpg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/04\/ShadowBrokerNew1.jpg 1058w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p class=\"wp-caption-text\">HackerFantastic showing exploit against Windows 2008<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<div id=\"attachment_17527\" style=\"width: 310px\" class=\"wp-caption alignleft\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-17527 size-medium\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/04\/ShadowBrokerNew2-300x177.png\" alt=\"\" width=\"300\" height=\"177\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/04\/ShadowBrokerNew2-300x177.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/04\/ShadowBrokerNew2.png 513w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p class=\"wp-caption-text\">NSA-FTS327 USA USA strings located<\/p>\n<\/div>\n<p>One bit of information we have already uncovered is the \u2018Author\u2019 tags located on some of the document files.\u00a0 These tags contain a reference to the string NSA-FTS327. This string appears in a number of NSA organizational documents and appears to be related to the Requirements and Targeting office.\u00a0 The Snowden Surveillance Archive identifies the Requirements and Targeting office designation as FTS327, and provides a document authored by NSA\u2019s Texas TAO, Requirements and Targeting office suggesting that Computer Network Exploitation was used to exploit a weakness in Mexican President Felipe Calderon\u2019s public email.\u00a0 The program used the code name \u2018FlatLiquid\u2019.\u00a0 While no mention of that particular string has been found in this dump, if the Author string found on the documents is accurate, then that would suggest there may be validity in 
the claims that these are NSA tools.<\/p>\n<p>&nbsp;<\/p>\n<div id=\"attachment_17528\" style=\"width: 610px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-17528 size-large\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/04\/ShadowBrokerNew3-600x426.png\" alt=\"\" width=\"600\" height=\"426\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/04\/ShadowBrokerNew3-600x426.png 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/04\/ShadowBrokerNew3-300x213.png 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/04\/ShadowBrokerNew3.png 1282w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n<p class=\"wp-caption-text\">Screenshot of Snowden Surveillance Archive showing the FTS327 designation.<\/p>\n<\/div>\n<p>There is a lot of information to sift through in this dump before researchers have an idea of the scope of the release, and it may take several days for a full analysis of the information to be completed. 
\u00a0If there are active 0-Days, we will see software manufacturers scramble to release timely patches to help thwart almost certain use of this code by malicious actors in the \u2018residential\u2019 business of malware infection \u2013 as we saw with Microsoft earlier this week regarding the Office 0-Day that was circulating via spam.<\/p>\n<p>We are currently analyzing the roughly 1000 Windows binaries that were included, and if necessary, will be pushing any needed updates before I even finish proofing this blog entry.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/04\/shadowbrokers-releases-more-stolen-information\/\">ShadowBrokers releases more stolen information<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/04\/shadowbrokers-releases-more-stolen-information\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Adam McNeil| Date: Fri, 14 Apr 2017 18:03:09 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/04\/shadowbrokers-releases-more-stolen-information\/' title='ShadowBrokers releases more stolen information'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2017\/04\/shutterstock_294978146.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>ShadowBrokers shocked the security world again today by releasing another cache of exploits, files, and operational documents purportedly stolen from Equation Group last summer.  
As you may recall from our earlier publications, Equation Group is reportedly a clandestine hacking group that has been linked with NSA hacking tools.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/\" rel=\"category tag\">Cybercrime<\/a><\/li>\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/cybercrime\/hacking\/\" rel=\"category tag\">Hacking<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/cia\/\" rel=\"tag\">CIA<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/exploits\/\" rel=\"tag\">exploits<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/more-information\/\" rel=\"tag\">more information<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/nsa\/\" rel=\"tag\">NSA<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/nsa-fts327\/\" rel=\"tag\">NSA-FTS327<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/release\/\" rel=\"tag\">release<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/shadowbrokers\/\" rel=\"tag\">ShadowBrokers<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/snowden\/\" rel=\"tag\">snowden<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/windows\/\" rel=\"tag\">windows<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/04\/shadowbrokers-releases-more-stolen-information\/' title='ShadowBrokers releases more stolen information'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2017\/04\/shadowbrokers-releases-more-stolen-information\/\">ShadowBrokers releases more stolen information<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[6626,4503,10987,3919,12001,10626,12002,12003,11932,11457,10525],"class_list":["post-7352","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-cia","tag-cybercrime","tag-exploits","tag-hacking","tag-more-information","tag-nsa","tag-nsa-fts327","tag-release","tag-shadowbrokers","tag-snowden","tag-windows"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7352"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7352\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7352"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}