2 May 2017

Chinese, Russian hackers adapting latest Shadow Brokers exploits, tools

by Tony Ware

Mentions of the exploits and tools released by the Shadow Brokers hacker group have been appearing with increasing frequency on Chinese- and Russian-language websites, indicating that weaponization is imminent.

Shadow Brokers, best known for the August 2016 release of NSA tools and exploits, released its latest batch of malware on April 15. Reverse engineering and reporting by security researchers, such as threat intelligence company Recorded Future, identified the exploit framework (named FUZZBUNCH), the SMB malware (ETERNALBLUE) and the privilege escalation tool (ETERNALROMANCE), as well as the DOUBLEPULSAR kernel payload.

This release has resulted in broad interest among top-tier dark-web cyber communities centering on malware trigger points and setup tutorials for the new exploits. Malicious actors may reuse or repurpose these toolsets to take advantage of underlying vulnerabilities.

The research, including links to alerts and critical system patches that could help minimize vulnerabilities, can be found at RecordedFuture.com.
