The Leaked NSA hacking timeline – All things in moderation

The Leaked NSA hacking timeline

Timeline of the NSA hacking tools leaked by the ShadowBrokers group

  • August 2016: A group calling itself “ShadowBrokers” asks for 1 million Bitcoins (around $568 million) in an auction to release the ‘best’ cyber weapons and more files made by the NSA (a United States intelligence organization).

  • August 19, 2016: Cisco confirmed a zero-day RCE vulnerability (CVE-2016-6366) found in the NSA’s exploits.

  • October 31, 2016: The ShadowBrokers published a list of foreign servers in various countries allegedly compromised by the NSA-linked hacking unit, Equation Group, to expand its espionage operations.
    – The top 10 targeted countries include China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy, and Russia.
    – The targeted systems are Solaris, Unix, Linux and FreeBSD.
    – Download link for the leaked information: https://mega.nz/#F!D1Q2EQpD!Lb09shM5XMZsQ_5_E1l4eQ

  • December 14, 2016: After the failed auction, the ShadowBrokers appeared to have put the NSA hacking tools and exploits up for direct sale on an underground website.

  • January 10, 2017: The ShadowBrokers group is selling another package of hacking tools, “Equation Group Windows Warez”, which includes Windows exploits and antivirus bypass tools stolen from the NSA-linked hacking unit.

  • March 07, 2017: WikiLeaks published thousands of documents revealing top CIA hacking secrets, including the agency’s ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems. The release includes a total of 8,761 documents. Read more about the leak at https://wikileaks.org/ciav7p1/

  • April 08, 2017: The ShadowBrokers group published a bunch of tools that were stolen from the NSA's arsenal of hacking tools.
    – The GitHub repository is: https://github.com/misterch0c/shadowbroker
    – The named hacking tools include OddJob, EasyBee, EternalRomance, FuzzBunch, EducatedScholar, EskimoRoll, EclipsedWing, EsteemAudit, EnglishMansDentist, MofConfig, ErraticGopher, EmphasisMine, EmeraldThread, EternalSynergy, EwokFrenzy, ZippyBeer, ExplodingCan, DoublePulsar, and others.

  • April 08, 2017: The ShadowBrokers group published more stolen NSA hacking tools and scripts, including:
    – rpc.cmsd, a remote root zero-day exploit for Solaris, the Oracle-owned Unix-based operating system.
    – The TOAST framework that the NSA’s TAO (Tailored Access Operations) team used to clean logs of Unix wtmp events.
    – The Equation Group’s ElectricSlide tool, which impersonates a Chinese browser with a fake Accept-Language header.
    – Evidence of the NSA operators’ access inside the GSM network of Mobilink, one of Pakistan’s popular mobile operator companies.
    – The GitHub repository is: https://github.com/x0rz/EQGRP

  • April 14, 2017: A new update to a GitHub repository includes 3 new folders: Windows, Swift, and OddJob. Read more about this update at:
    http://thehackernews.com/2017/04/swift-banking-hacking-tool.html
    http://thehackernews.com/2017/04/window-zero-day-patch.html

  • April 22, 2017: The leaked NSA hacking tool named DoublePulsar is being used to hack thousands of vulnerable Windows PCs (including Windows XP, Windows Server 2003, Windows 7 and 8, and Windows 2012).

  • May 12, 2017: The outbreak of a new ransomware called WannaCry. A zero-day vulnerability in the Windows SMB protocol (port 445) named EternalBlue (CVE-2017-0143) and the DoublePulsar backdoor developed by the NSA have been used to compromise hundreds of thousands of computers worldwide.
    – More about the WannaCry ransomware: https://gist.github.com/rain-1/989428fa5504f378b993ee6efbc0b168

  • May 25, 2017: Over 24,000 PCs are still vulnerable to EsteemAudit, another dangerous NSA-developed Windows hacking tool leaked by the Shadow Brokers that targets the RDP service (port 3389) on Microsoft Windows Server 2003 / Windows XP machines.

  • July 06, 2017: WikiLeaks unveils CIA implants that steal SSH credentials from the OpenSSH client on various Linux distributions, including CentOS, Debian, RHEL (Red Hat), openSUSE and Ubuntu.

References

The Hacker News
WikiLeaks
