Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report
New research has found evidence that a Chinese-affiliated threat group, APT31, has hijacked a hacking tool previously used by the Equation Group, which has been tied to the U.S. National Security Agency, or NSA. The tool in question, dubbed “Jian,” is used to exploit a local privilege-escalation (LPE)...
FireEye Hacked
FireEye was hacked by -- they believe -- "a nation with top-tier offensive capabilities": During our investigation to date, we have found that the attacker targeted and accessed certain Red Team assessment tools that we use to test our customers’ security. These tools mimic the behavior of many...
How threat actors are using SMB vulnerabilities
Some of the most devastating ransomware and Trojan malware variants depend on vulnerabilities in the Windows Server Message Block (SMB) protocol to propagate through an organization’s network. Windows SMB is a protocol used by PCs for file and printer sharing, as well as for access to remote services. A pat...
DarkPulsar
In March 2017, the ShadowBrokers published a chunk of stolen data that included two frameworks: DanderSpritz and FuzzBunch. DanderSpritz consists entirely of plugins to gather intelligence, use exploits and examine already controlled machines. It is written in Java and provides a graphical window...
Bad Rabbit Linked to ExPetr/Not Petya Attacks
A link has been confirmed between the Bad Rabbit ransomware outbreak detected yesterday in major organizations in Russia and Ukraine and this summer’s ExPetr/Not Petya attacks. Researchers at Kaspersky Lab said there are “clear ties” between the two attacks though one major piece of the puzzle is...
ShadowBrokers Releases NSA UNITEDRAKE Manual
The ShadowBrokers released the manual for UNITEDRAKE, a sophisticated NSA Trojan that targets Windows machines: Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a...
UNITEDRAKE Looms Large…Maybe
Responsible disclosure is a critical process in the security community. It’s the way for security researchers and vendors to work together in order to improve system security for users. We see the opposite of this process in the digital underground. Cybercriminals often sell exploits and maliciou...
New NSA Data Dump: ShadowBrokers Release UNITEDRAKE Malware
By Waqas. The ShadowBrokers is a group of hackers known for leaking… This is a post from HackRead.com. Read the original post: New NSA Data Dump: ShadowBrokers Release UNITEDRAKE Malware...
ShadowBrokers Remain an Enigma
LAS VEGAS—Clarity and the ShadowBrokers are strange bedfellows. We’re closing in on the first anniversary of the mysterious group’s initial dump of NSA hacking tools and we’re still no closer to understanding who they are, where they got their stuff, and what their true motivations are. Instead a...
A King’s Ransom It is Not
The first half of 2017 began with two intriguing ransomware events, both partly enabled by wormable exploit technology dumped by a group calling themselves "The ShadowBrokers". These WannaCry and ExPetr ransomware events are the biggest in the sense that they spread the quickest and most...
EnglishmansDentist Exploit Analysis
Introduction. We are continuing our series of blog posts dissecting the exploits released by ShadowBrokers in April 2017. After the first two posts about the SMB exploits known as EternalChampion and EternalSynergy, we’ll move this time to analyze a different tool and we’ll focus on t...
Eternal Champion Exploit Analysis
Recently, a group named the ShadowBrokers published several remote server exploits targeting various protocols on older versions of Windows. In this post we are going to look at the EternalChampion exploit in detail to see what vulnerabilities it exploited, how it exploited them, and how the late...
'Little Hope' to Recover Data Lost to Petya Ransomware
Join Kaspersky Lab and Comae Technologies Thursday June 29, 2017 at 10 a.m. Eastern time for a webinar “The Inside Story of the Petya/ExPetr Ransomware.” Fewer than 50 ExPetr/Petya ransomware victims have paid approximately $10,200 in Bitcoin so far in the hopes of unlocking...
Rare XP Patches Fix Three Remaining Leaked NSA Exploits
The unusual decision Microsoft made to release patches on Tuesday for unsupported versions of Windows was prompted by three NSA exploits that remained unaddressed from April’s ShadowBrokers leak. The worst of the bunch, an attack called ExplodingCan (CVE-2017-7269), targets older versions of...
Risk of 'Destructive Cyber Attacks' Prompts Microsoft to Update XP Again
Fearing destructive attacks precipitated by the availability of the nation-state exploits in the wild that spawned the WannaCry outbreak, Microsoft today announced that its Patch Tuesday updates would include fixes for older versions of Windows, including XP. The move is unusual and mimics a...
On ShadowBrokers, WannaCry, Samba, and the OneLogin Breach
Mike Mimoso and Chris Brook discuss the news of the week, including the ShadowBrokers crowdfunding attempt, errors in WannaCry, a new Wikileaks dump, last week’s Samba vulnerability, and the OneLogin breach. Download: ThreatpostNewsWrapJune22017.mp3 Music by Chris Gonsalves...
Crowdfunding Effort to Buy ShadowBrokers Exploits Shuts Down
Heeding the advice of attorneys, law enforcement and peers in the security industry, a crowdfunding campaign that spun up to purchase the next batch of ShadowBrokers leaks has been squashed. The group announced this week more details on its impending Dump of the Month Service in which it promises...
ShadowBrokers Put Price on Monthly Zero Day Leaks
The threat posed by the first wave of ShadowBrokers leaks of Equation Group hacking tools was relatively benign. Some vendors had to scramble to patch zero days in older versions of products, but for the most part, the leaks and accompanying auction were more of a novelty. That obviously changed...
On WannaCry, the KillSwitches, and the Possible Lazarus Group Connection
Mike Mimoso and Chris Brook discuss WannaCry, Microsoft’s response, the killswitches, a potential link with Lazarus Group, and what the future holds for the ShadowBrokers. Download: ThreatpostNewsWrapMay192017.mp3 Music by Chris Gonsalves...