The Shadow Brokers : Lost In Translation

by AKM

Posted on April 20, 2017 at 12:30 PM

Shadow Brokers leak NSA hacking tools

The notorious hacker collective known as the "Shadow Brokers" has leaked a set of the Equation Group's hacking tools. The release, labeled "Lost In Translation", includes top-of-the-line exploits aimed at Windows machines. The archive was once up for auction, but the collective now appears to be releasing it all for the public to enjoy.

Here is the post made by the Shadow Brokers (the Yandex-hosted link has since been taken down). Within the archive resides a haven of exploits, along with one tool codenamed "FuzzBunch", which is essentially the Equation Group's equivalent of Metasploit, and another called "DanderSpritz", which serves as the post-exploitation management console for infected computers.

For further analysis of these files, I have created a repository for these tools (decrypted original files) here. The exploits may be very interesting for research purposes, but one main concern that arises from all of this is their ties to other malware, specifically the infamous computer worm known as Stuxnet, first discovered in 2010. What we've learned from Snowden is that Stuxnet was created by the NSA and the Israeli government to sabotage uranium-enrichment centrifuges located in Iran.

This photo is taken from what appears to be the result of completely exploiting a system using FuzzBunch: a gold medal. The Stuxnet operation was given the codename "Olympic Games". Coincidence? Most likely not.

Here is also an image taken from VirusTotal (credit: Kevin Beaumont). In an ironic twist, the MOF file included in the Shadow Brokers' leak that is being detected as Stuxnet dates back to 2009, before the worm was publicly discovered. This is the closest anyone has come to pinning down Stuxnet's origins. Microsoft also says it had already patched the exploits roughly one month before the release (the SMB exploits were fixed in MS17-010 in March 2017).

