October 31, 2016
The hacker group calling itself the Shadow Brokers, who previously claimed to have leaked a portion of the NSA’s hacking tools and exploits, is back with a Bang!
The Shadow Brokers published more files today, and this time the group dumped a list of foreign servers allegedly compromised by the NSA-linked hacking unit, Equation Group, in various countries to expand its espionage operations.
Top 3 Targeted Countries — China, Japan, and Korea
The data dump [Download / File Password: payus] that experts believe contains 306 domain names, and 352 IP addresses belong to at least 49 countries. As many as 32 domains of the total were run by educational institutes in China and Taiwan.
A few target domains were based in Russia, and at least nine domains include .gov websites.
The top 10 targeted countries include China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy, and Russia.
The latest dump has been signed by the same key as the first Shadow Brokers’ dump of NSA exploits, though there is a lot to be done to validate the contents of the leaked data dump fully.
Targeted Systems — Solaris, Unix, Linux and FreeBSD
Most of the affected servers were running Solaris, Oracle-owned Unix-based operating system, while some were running FreeBSD or Linux.
Each compromised servers were reportedly targets of INTONATION and PITCHIMPAIR, code-names given for cyber-spy hacking programs.
The data dump also contains references to a list of previously undisclosed Equation Group tools, including Dewdrop, Incision, Orangutan, Jackladder, Reticulum, Patchicillin, Sidetrack and Stoicsurgeon.
The tools as mentioned above could be hacking implants, tools or exploits used by the NSA’s notorious group.