Hackers apparently broke into the NSA and stole viruses/malware developed and used (against our allies and other foreign governments) by the NSA. See the last paragraph.
https://www.cyberscoop.com/shadow-brokers-nsa-microsoft-windows-exploits-2017/
Shadow Brokers’ latest leak could have come from beyond NSA staging servers
Cybersecurity experts tell CyberScoop the viewable evidence suggests the existence of advanced hacking tools, which could be used to exfiltrate data, destroy digital forensic evidence, attribute old cyberattacks and compromise numerous systems running older versions of Windows. The Shadow Brokers are supposedly selling the exploits for roughly $850,000 worth of bitcoin in total.
“These filenames and directories look familiar to me … Based on their [Shadow Brokers] past behavior, other things they’ve posted, I have no reason to believe they don’t have them,” a former U.S. intelligence official told CyberScoop on the condition of anonymity.
Microsoft security teams are aware of the leaked exploits and have begun investigating the incident.
“[But] there’s not much for Microsoft to do until the files themselves are made public,” said Williams, a former vulnerability analyst with the Defense Department.
“Microsoft has telemetry where they get crash reports that include data about what caused a crash. Given that the Shadow Brokers are indicating they have zero days for IIS [Internet Information Services for Windows Servers], RDP [Microsoft Remote Desktop] and SMB [Microsoft Server Message Block], teams are likely taking a hard look at crash reports for those services,” Williams said.
Among the trove of published file names and directories is a reference to “DANDERSPRITZ,” a software tool used by attackers to obfuscate IP and MAC addresses. Documents previously revealed by former NSA contractor Edward Snowden show that DANDERSPRITZ was used by operators at the spy agency.