Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak

by Dan Goodin, from Ars Technica

One of the most significant events in computer security happened in April 2017, when a still-unidentified group calling itself the Shadow Brokers published a trove of the National Security Agency's most coveted hacking tools. The leak and the subsequent repurposing of the exploits in the WannaCry and NotPetya worms that shut down computers worldwide made the theft arguably one of the NSA's biggest operational mistakes ever.

On Monday, security firm Symantec reported that two of those advanced hacking tools were used against a host of targets starting in March 2016, fourteen months prior to the Shadow Brokers leak. An advanced persistent threat hacking group that Symantec has been tracking since 2010 somehow got access to a variant of the NSA-developed "DoublePulsar" backdoor and one of the Windows exploits the NSA used to remotely install it on targeted computers.

Killing NOBUS

The revelation that the powerful NSA tools were being repurposed much earlier than previously thought is sure to touch off a new round of criticism about the agency's inability to secure its arsenal.
