[SingCERT] Shadow Brokers Leaked New Trove of Hacking Tools

Published on Saturday, 15 April 2017 16:25

Background
On 14th April 2017, a hacking group known as the "Shadow Brokers" released a new trove of hacking tools containing zero-day vulnerabilities and exploits believed to be stolen from a hyper-secret hacking unit dubbed the "Equation Group". This arsenal of hacking tools targets the SWIFT Alliance access boxes, Cisco VPN and several versions of Microsoft Windows operating systems.

SingCERT is closely monitoring developments and will update when more information becomes available.

Affected Products and Operating Systems

Windows NT, 2000, 2003, XP, Vista, 7, 2008, 8 and 2012 are vulnerable.

Impact
An attacker can use these hacking tools to gain remote access to affected products and operating systems and conduct malicious operations.

Recommendation
According to Microsoft, most of the exploits that were disclosed target vulnerabilities that have already been patched in Microsoft supported products. Administrators and users should read the Microsoft link below and ensure their computers are up-to-date.

Other Recommendations

Do monitor your network for any signs of intrusion, especially incoming attempts from the Internet.

References
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/
https://arstechnica.com/security/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/
https://medium.com/@networksecurity/latest-shadow-brokers-dump-owning-swift-alliance-access-cisco-and-windows-7b7782270e70