What comes to mind when I say Shadow Brokers? A secret group of assassination experts perhaps? Well, for the uninitiated, Shadow Broker refers to an elusive group of hackers that have made headlines in the past as well. After disappearing from the scenes from quite a while, the group is back and has marked its re-entry with a dump of Windows exploits.
This particular dump of files contain a slew of tools specifically designed to access Windows machines. This same dump also consists of a bunch of slideshows that clearly illustrate the whole process of targeting banking systems. In a blog post, the group said:
Is being too bad nobody deciding to be paying theshadowbrokers for just to shutup and going away. TheShadowBrokers rather being getting drunk with McAfee on desert island with hot babes.
The files is being analyzed by security researchers even as we speak. According to them, the Equation Group used some clever targeting of VPNs and firewalls to gain access to banking systems. Most of these exploits target older version of Windows however, some among them are also viable as hacks for more recent version of Windows — for instance, Windows 8.
Meanwhile, most of the exploits in the dump appear to be centered around the SWIFT Alliance Access (SAA), a financial messaging interface that is used by banks across the globe. Very interestingly, these files are also suggesting that the National Security Agency is actively indulging in the targeting of international banking bureaus. This is being done through a widespread, global protocol that is used for secure financial messaging and transactions. Indeed, these files show that a slew of NSA protocols exists solely to compromise SAA protocols.
There is no guarantee that all the data available through the dump is correct. However, it certainly raises some very interesting questions. We leave you to draw your own conclusions from the dump and a post by the Shadow Brokers, which can be found right here.
