The alleged NSA’s unit The Equation Group has been hacked. Exploits and tools leaked online.

Pierluigi Paganini August 16, 2016

A group of hackers claims to have hacked the NSA Equation Group, it is selling hacking tools and exploits in online auction.

Security experts discussed several times about potential effects of the militarization of the cyberspace. Government-built malware and cyber weapons may run out of control, cyber weapons and hacking tools developed by nation-state hackers can go in the wrong hands.

The news reported by the media is disconcerting, an unknown group of hackers is claiming to have hacked into “Equation Group” arsenal.

In February 2015, security researchers at Kaspersky revealed the existence of a hacking group operating since 2001 that targeted practically every industry with  sophisticated zero-day malware.

According to a report from Kaspersky Lab, the group, dubbed the Equation Group, combined sophisticated and complex Tactics, Techniques, and Procedures. In the arsenal of the ATP group there were sophisticated hacking tools that according to the experts requested a significant effort for their development.

The experts at Kaspersky speculated that the Equation Group had interacted with operators behind Stuxnet and Flame. Based on the elements collected in the various cyber espionage campaigns across the years, the experts hypothesized that the National Security Agency (NSA) could be linked to the Equation Group.

“There are solid links indicating that the Equation Group has interacted with other powerful groups, such as the Stuxnet and Flame operators—generally from a position of superiority,” stated the report released at by Kaspersky during the company’s Security Analyst Summit in Cancun, Mexico.

Equation Group Targets

The researchers explained that the Equation Group is a “threat actor that surpasses anything known in terms of complexity and sophistication of techniques,”.

Now a hacker collective that is calling themselves “The Shadow Brokers,” is asking for 1 Million Bitcoins (roughly $578 Million) in an auction to release the cyber weapons and more files belonging to the arsenal of the Equation Group.

The group has leaked data as a proof of the hack and experts who examined it believe it could be legitimate.

I haven’t tested the exploits, but they definitely look like legitimate exploits,” Matt Suiche, founder of UAE-based cyber security firm Comae Technologies, told the Daily Dot.

Below the opinion of the notorious The Grugq provided to Motherboard

“If this is a hoax, the perpetrators put a huge amount of effort in,” security researcher The Grugq told Motherboard. “The proof files look pretty legit, and they are exactly the sorts of exploits you would expect a group that targets communications infrastructure to deploy and use.”

The data, including exploits and hacking tools, were published by The Shadow Brokers on their Github and Tumblr, but the accounts were promptly suspended.

The huge trove of files included installation scripts, configurations for command-and-control (C&C) servers, and multiple exploits designed to compromise network appliances manufactured by IT giants like Cisco, Fortinet, and Juniper.

The popular Italian researchers Claudio Guarnieri hypothesized the group may have hacked a “listening post” (LP), that is a component of the overall surveillance infrastructure used to control the Equation Group’ implants.

The documents leaked by the group demonstrate that Equation Group also targeted the Chinese company Topsec.

Documents leaked by the hackers also referred some of the hacking tools that were presented in the secret document disclosed by Edward Snowden, including “BANANAGLEE” and “EPICBANANA.”

No doubts, if the Equation Group hack was confirmed, such as its link to the NSA, this is a very serious problem for IT industry worldwide.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs –  The Equation Group, ATP)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment