Last night, after several months of relative quiet, a hacking group calling itself the Shadow Brokers posted new data purportedly stolen from the NSA. The group's last leak in August included malware believed to be used by the NSA as recently as 2013. At the time, the Shadow Brokers claimed they would auction a second set of data including the best files it had stolen, but since then, the group hasn't done much except post sexually explicit fanfic about Bill Clinton and Loretta Lynch on Medium.
That changed last night, when the group posted what looks just like a listing of servers compromised by the Equation Group, a hacking team with ties to the NSA. If the list is accurate (and that's a serious if, even though the exploits released by the Shadow Brokers three months ago turned out to be legit), it shows which staging servers the NSA used to launch cyberattacks.
Like the Shadow Brokers' previous disclosure, security researchers say this data is old. The servers were compromised between 2000 and 2010, according to researcher Mustafa Al-Bassam.
The new leak contains a list of more than 300 IP addresses and more than 300 domain names the Equation Group may have compromised. According to a Hacker House analysis, the affected hosts appear to be spread around the world. However, the top 10 impacted countries are China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy & Russia, Hacker House reports. The top three, China, Japan and Korea, make up a substantial number of the attacked hosts.
In a Medium post announcing the leak, the Shadow Brokers referenced the DNC hack, the U.S. election, and the still-pending auction of its best files. The group also seems to reference media reports that have attributed recent political hacks to Russia, and suggests that the hacks are instead perpetrated by Iran as revenge for U.S. interference in that nation's election.
"USSA elections is going! 60% of Amerikansky never voting," the group wrote. "TheShadowBrokers is having suggestion. On November 8th, instead of not voting, perhaps be stopping the vote all together? Perhaps being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016. If peoples is not being hackers, then #disruptelection2016, #disruptcorruption2016. Maybe peoples not be going to work, be find local polling places and protesting, blocking, disrupting, smashing equipment, tearing up ballots?"
The latest leak calls into question what role former NSA contractor Harold Martin may have had in the Shadow Brokers' disclosures. Martin was recently apprehended after examiners discovered that he had taken classified information home from work. Martin's activities were uncovered during the investigation into the Shadow Brokers leaks, the New York Times reports, but researchers have not been able to conclusively connect Martin to the Shadow Brokers.