ShadowBrokers dump Equation group hacked servers in publicity push

Anyone interested in buying the full NSA exploit dump? Anyone?
Written by Charlie Osborne, Contributing Writer

The ShadowBrokers cyberthreat group has used Halloween to dump a list of hacked servers that the Equation Group allegedly exploited and harnessed in its cyberattack campaigns.

On October 31, as reported by ThreatPost, the cyberattackers dumped a list of vulnerable Sun Solaris and Linux servers apparently used as tools by the US National Security Agency (NSA)-linked Equation Group, originally dubbed by Kaspersky as the "most advanced" cybercriminal gang ever recorded.

The servers, however, are old, with year ranges from 2001 to 2010. The majority of the IP addresses linked to the servers stem from countries including China, Japan, Bosnia, South Korea, Iran, and Russia.

A list of the compromised servers included in the dump can be found here.

In an online message, the group blasted the US government, media, and the economy, and made a thinly veiled threat to disrupt the upcoming US election.

The ShadowBrokers say: (original spelling & grammar preserved)

"Maybe hacking election is being the best idea? [..] Maybe peoples not be going to work, be finding local polling places and protesting, blocking , disrupting , smashing equipment, tearing up ballots?

The wealthy elites is being weakest during elections and transition of power. Is being why USSA is targeting elections in foreign countries. Don't beleiving? Remembering Iran elections? Rembering stuxnet?"

At the end of the message, the group included a link to two dumps containing the lists of compromised servers.

Speaking to the publication, Comae security researcher Matt Suiche said there is "not much to see" in the file dump, with little more than metadata and some configuration variables on offer -- rather than any exploits, zero-day vulnerabilities, or source code.

In August, the cyberattackers released a set of highly advanced hacking tools with digital signatures almost identical to those used by the Equation Group.

It may be, however, that the latest leak is little more than scraping the barrel for less valuable information to keep the name ShadowBrokers alive on social media and online as a whole. The group has been trying to sell an apparent treasure trove of exploits and hacking tools which belonged to the Equation Group, but with little success.

See also: Shadow Brokers launch auction for Equation Group hacking cache

"How bad do you want it to get?," the ShadowBrokers write. "When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!"

At the time of writing, the auction has reached 2.006074 BTC, which equates to roughly $1400, a drop in the ocean in comparison to the ShadowBrokers' original demand for one million in Bitcoin.
