• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

 | 

Taking over millions of developers exploiting an Open VSX Registry flaw

 | 

OneClik APT campaign targets energy sector with stealthy backdoors

 | 

APT42 impersonates cyber professionals to phish Israeli academics and journalists

 | 

Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

 | 

Cisco fixed critical ISE flaws allowing Root-level remote code execution

 | 

U.S. CISA adds AMI MegaRAC SPx, D-Link DIR-859 routers, and Fortinet FortiOS flaws to its Known Exploited Vulnerabilities catalog

 | 

CitrixBleed 2: The nightmare that echoes the 'CitrixBleed' flaw in Citrix NetScaler devices

 | 

Hackers deploy fake SonicWall VPN App to steal corporate credentials

 | 

Mainline Health Systems data breach impacted over 100,000 individuals

 | 

Disrupting the operations of cryptocurrency mining botnets

 | 

Prometei botnet activity has surged since March 2025

 | 

The U.S. House banned WhatsApp on government devices due to security concerns

 | 

Russia-linked APT28 use Signal chats to target Ukraine official with malware

 | 

China-linked APT Salt Typhoon targets Canadian Telecom companies

 | 

U.S. warns of incoming cyber threats following Iran airstrikes

 | 

McLaren Health Care data breach impacted over 743,000 people

 | 

American steel giant Nucor confirms data breach in May attack

 | 

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

 | 

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes' Data from Saudi Games

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber warfare
  • Hacking
  • Intelligence
  • NSA Hackers The Shadow Brokers leaked another dump with NSA targets

NSA Hackers The Shadow Brokers leaked another dump with NSA targets

Pierluigi Paganini October 31, 2016

The ShadowBrokers hacker group leaked a fresh dump containing a list of servers that were hacked by the NSA-linked group known as Equation Group.

The notorious Shadow Brokers hacker group has posted a fresh dump containing a list of servers that were hacked by the NSA-linked group known as Equation Group.

The hackers disclosed the list containing historic targets of the Equation Group, it includes Mail providers, Chinese targets, and universities.

The Equation group compromised the targets using the hacking tools codenamed as INTONATION and PITCHIMPAIR.

The latest dump leaked by the Shadow Brokers was signed using the same key used to sign the first dump of Equation Group exploits.

The ShadowBrokers provided the links to two distinct PGP-encrypted archives, the first one offered for free as a proof of the hack (its passphrase was ‘auctioned’), for the second one the group requested 1 million BTC .

The first archive contains roughly 300MBs of data, including firewall exploits, hacking tools, and scripts with cryptonyms like BANANAUSURPER, BLATSTING, and BUZZDIRECTION.

The security researchers Mustafa Al-Bassam has published an interesting post that lists all the exploits, implants, and tools for hacking firewalls (“Firewall Operations”) included in the dump.

The Equation Group ‘s hackers targeted products made by Cisco, Fortigate, Juniper, TOPSEC, and Watchguard.

The majority of files are at least three years old, meanwhile, the newest timestamp dating to October 2013.

Early October, TheShadowBrokers complained that no one seems to be bidding on their precious archive, an alleged member of the hacker group expressed his dissent on the lack of interest in ponying up bitcoins to release the full NSA data dump.

A couple of weeks ago the group announced the launch of a crowdfunding campaign for the stolen arsenal because its auction received offers for less than two bitcoins.

Back to the present day, the ShadowBrokers hackers published message accompanying the latest dump.

“TheShadowBrokers is having special trick or treat for Amerikanskis tonight.” “Why is DirtyGrandpa threating CIA cyberwar with Russia? Why not threating with NSA or CyberCommand? CIA is cyber B-Team, yes? Where is cyber A-Team? Maybe threating is not being for external propaganda? Maybe is being for internal propaganda? Oldest control trick in book, yes? Waving flag, blaming problems on external sources, not taking responsibility for failures. But neverminding, hacking DNC is way way most important than EquationGroup losing capabilities. Amerikanskis is not knowing USSA cyber capabilities is being screwed? Where is being “free press”? Is ABC, NBC, CBS, FOX negligent in duties of informing Amerikanskis? Guessing “Free Press” is not being “Free as in free beer” or “Free as in free of government influence?” reads the message.

According to security experts, the list is very old, it is available at the following links

https://mega.nz/#F!D1Q2EQpD!Lb09shM5XMZsQ_5_E1l4eQ
https://yadi.sk/d/NCEyJQsBxrQxz

Password = payus

The Shadow Brokers continue to grapple for publicity and money. The list of servers is 9 years old, likely no longer exist or reinstalled. https://t.co/bEJGsvZItY

— Kevin Beaumont (@GossiTheDog) 31 ottobre 2016

A close look at the dump revealed that it contains some 300 folders of files. Each file corresponds to a different domain and IP address.

The notorious expert Hacker Fantastic analyzed the dump and confirmed that it contains 306 domains and 352 IP addresses relating to 49 countries in total.

306 domain names, 352 ip addresses contained in @shadowbrokerss leak, mostly ASIAPAC region. descriptions here https://t.co/zNQgCiU0Ro

— Hacker Fantastic (@hackerfantastic) 31 ottobre 2016

There are 49 countries impacted by the Solaris attack exposed by @shadowbrokerss – vast majority of those are in ASIAPAC region. pic.twitter.com/1KS7sjYhOW

— Hacker Fantastic (@hackerfantastic) 31 ottobre 201

The dump revealed targets in Russia, China, India, Sweden, and many other countries. The Top 10 countries include also Japan and Italy.

The colleague Carola Frediani reported the presence of Italian targets that includes systems in some university, such as the Università dell’Aquila (sipralab.univaq.it; matematica.univaq.it; ns.univaq.it) and the ‘Università degli Studi Mediterranea di Reggio Calabria (ns.ing.unirc.it).

Below a graph from by a preliminary study conducted by the researcher Quequero ‏@quequero on addresses published by the ShadowBrokers and allegedly used by the NSA as staging servers/C&C.

quequero-shadowbrokers-server-country

The machines compromised by the US Intelligence may have been used to target systems worldwide and deliver exploits.

New Shadow Brokers dump contains list of servers compromised by the NSA to use as exploit staging servers. pic.twitter.com/rVNjWCvgoG

— Mustafa Al-Bassam (@musalbas) 31 ottobre 2016

Stay Tuned!

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  The Equation Group, ShadowBrokers)


facebook linkedin twitter

cyber weapon Equation group Hacking malware NSA TAO The Shadow Brokers

you might also like

Pierluigi Paganini June 28, 2025
LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage
Read more
Pierluigi Paganini June 27, 2025
Taking over millions of developers exploiting an Open VSX Registry flaw
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    LapDogs: China-nexus hackers Hijack 1,000+ SOHO devices for espionage

    Malware / June 28, 2025

    Taking over millions of developers exploiting an Open VSX Registry flaw

    Hacking / June 27, 2025

    OneClik APT campaign targets energy sector with stealthy backdoors

    Hacking / June 27, 2025

    APT42 impersonates cyber professionals to phish Israeli academics and journalists

    APT / June 27, 2025

    Kai West, aka IntelBroker, indicted for cyberattacks causing $25M in damages

    Cyber Crime / June 26, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT