Today the Shadow Brokers group has released another piece of the precious archive alleged stolen to the NSA, a 117.9 MB encrypted dump, it includes three folders named Windows, Swift, and OddJob including 23 new hacking tools.
Some of the codenames for the hacking tools in the archive are OddJob, EasyBee, EternalRomance, FuzzBunch, EducatedScholar, EskimoRoll, EclipsedWing, EsteemAudit, EnglishMansDentist, MofConfig, ErraticGopher, EmphasisMine, EmeraldThread, EternalSynergy, EwokFrenzy, ZippyBeer, ExplodingCan, DoublePulsar.
The tools and exploits released today have been specifically designed to target earlier versions of Windows operating system, this last bunch of documents suggests the NSA was targeting the SWIFT banking system of several banks around the world.
The hackers published a blog post titled “Lost in Translation,” which included a link to the archive and the password.
“Follow the links for new dumps. Windows. Swift. Oddjob. Oh you thought that was it? Some of you peoples is needing reading comprehension.
https://yadi.sk/d/NJqzpqo_3GxZA4
Password = Reeeeeeeeeeeeeee
” reads the blog post.
Of course, security researchers immediately started digging the precious trove of files.
The hacking tools in the Windows folder work against older versions of Windows (Windows XP) and Server 2003.
The folder OddJob contains a Windows implant and includes alleged configuration files and payloads, also in this case targeted versions are older ones like Windows Server 2003 Enterprise up to Windows XP Professional.
The folder includes SQL scripts that could be used to query Oracle Database to obtain a wide range of information, including the list of users and the SWIFT message queries.
“The reports of an alleged hacker-compromised EastNets Service Bureau (ENSB) network is totally false and unfounded,” EastNets’ CEO Hazem Mulhim told Motherboard in an email. “The EastNets Network internal Security Unit has ran a complete check of its servers and found no hacker compromise or any vulnerabilities.” reads the official statement issued by the company.
“The EastNets Service Bureau runs on a separate secure network that cannot be accessed over the public networks. The photos shown on twitter, claiming compromised information, is about pages that are outdated and obsolete, generated on a low-level internal server that is retired since 2013.”
Stay Tuned …
[adrotate banner=”9″] | [adrotate banner=”12″] |
(Security Affairs – Shadow Brokers group, SWIFT)
[adrotate banner=”5″]
[adrotate banner=”9″]
Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…
Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…
Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks'…
Cisco Talos warns of large-scale brute-force attacks against a variety of targets, including VPN services,…
The PuTTY Secure Shell (SSH) and Telnet client are impacted by a critical vulnerability that could…
Researchers warn of a renewed cyber espionage campaign targeting users in South Asia with the…
This website uses cookies.