From the Shadows to the Headlines: A Decade of State-Sponsored Cyber Leaks

From the Shadows to the Headlines: A Decade of State-Sponsored Cyber Leaks By Ryan Slaney and Emma DeCarli · January 20, 2026 Executive summary The December 2, 2025, publication of a massive leak revealing the inner workings of the IRGC-linked Department 40 a.k.a. APT35, Charming Kitten, and Fres...

Details of an NSA Hacking Operation

Pangu Lab in China just published a report of a hacking operation by the Equation Group aka the NSA. It noticed the hack in 2013, and was able to map it with Equation Group tools published by the Shadow Brokers aka some Russian group. …the scope of victims exceeded 287 targets in 45 countries,...

Chinese Experts Uncover Details of Equation Group's Bvp47 Covert Hacking Tool

Researchers from China's Pangu Lab have disclosed details of a "top-tier" backdoor put to use by the Equation Group, an advanced persistent threat APT with alleged ties to the cyber-warfare intelligence-gathering unit of the U.S. National Security Agency NSA. Dubbed "Bvp47" owing to numerous...

Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers

Cybersecurity researchers have offered a detailed glimpse into a system called DoubleFeature that's dedicated to logging the different stages of post-exploitation stemming from the deployment of DanderSpritz, a full-featured malware framework used by the Equation Group. DanderSpritz came to light...

shadowbroker

This repository, zhangyouren/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists the contents of the repository, which includes various exploit modules, payloads...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Cisco Ios

About 这个github仓库，是eqgrp-free-file.tar.xz 的免费解压版本， 源文件由“The Shadow Brokers”黑客组织放出。 加密的拍卖版本可以在网上找到和下载。 Firewall 这个文件夹包含了所有的源文件。 listing.txt则是所有文件的清单。 This repository contains the decrypted and decompressed contents of the eqgrp-free-file.tar.xz file released by "The Shadow Brokers". The contents ar...

shadowbroker

This repository, afei00123/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists the contents of the repository, which includes various exploits and tools, such as...

Chinese Hackers Stole an NSA Windows Exploit in 2014

Check Point has evidence that probably government affiliated Chinese hackers stole and cloned an NSA Windows hacking tool years before probably government affiliated Russian hackers stole and then published the same tool. Heres the timeline: The timeline basically seems to be, according to Check...

Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online

On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations TAO unit of the U.S. National Security Agency NSA...

Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online

On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated to the Tailored Access Operations TAO unit of the U.S. National Security Agency NSA...

China Hijacked an NSA Hacking Tool—and Used It for Years

The hackers used the agency’s EpMe exploit to attack Windows devices years before the Shadow Brokers leaked the agency’s zero-day arsenal online...

shadowbroker

This repository, lvxiao54/shadowbroker, contains a collection of exploits and tools, including the infamous Shadow Brokers dump. The primary focus of this repository is on exploiting vulnerabilities in various software and systems, particularly in the context of Windows and Linux. The repository...

shadowbroker

This repository contains a collection of exploits and tools, including the "Lost In Translation" leak from the Shadow Brokers. The repository includes exploits for various vulnerabilities, such as RedHat 7.0-7.1 Sendmail 8.11.x, Solaris 6, 7, 8, 9 & 10, and Samba 3.0.x Linux. The exploits are...

shadowbroker

This repository, csharphpython/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a variety of exploits targeting different systems and vulnerabilities, including: 1. EARLYSHOVEL: a...

shadowbroker

This repository, xyx2524/shadowbroker, contains a collection of exploits and tools for various vulnerabilities. The repository includes a README file that links to a Steemit post and an archive of a GitHub repository, misterch0c/shadowbroker. The post and repository contain information on a group...

shadowbroker-1

This repository, fengzihk/shadowbroker-1, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists various exploits, such as EARLYSHOVEL, EBBISLAND, ECHOWRECKER, EASYBEE, and...

shadowbroker

This repository, bahuwang/shadowbroker, contains a collection of exploits and tools leaked by the Shadow Brokers, a group known for releasing sensitive information. The repository includes a README file that lists the contents of the repository, which includes various exploit modules and tools...

SMB DOUBLEPULSAR Remote Code Execution Exploit

This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for SMB as popularly deployed by ETERNALBLUE. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant. This...

RDP DOUBLEPULSAR Remote Code Execution Exploit

This Metasploit module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for RDP. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant. This module requires Metasploit:...

RDP DOUBLEPULSAR Remote Code Execution

This module executes a Metasploit payload against the Equation Group's DOUBLEPULSAR implant for RDP. While this module primarily performs code execution against the implant, the "Neutralize implant" target allows you to disable the implant. This module requires Metasploit:...