Leaked NSA hacking tools are in the wild, targeting unpatched Windows systems

Apr 26, 2017360TS

The Shadow Brokers, a notorious hacking group, recently leaked a trove of hacking tools from NSA (National Security Agency). These nation-state-level cyber weapons can be used to compromise about 70% of Windows systems around the globe. Users are urged to install security patches immediately to keep their PC safe.
Leaked NSA hacking tools are in the wild, targeting unpatched Windows systems

Powerful cyber weapons used by Uncle Sam to snoop on foreign governments

This hacking toolkit has been confirmed to be stolen from NSA’s Equation Group. Targets include Windows, Cisco firewalls, and even SWIFT Alliance Access. Also, the U.S. government used to hack into and spy on foreign governments, banks, and other organizations with the arsenal.

The hacking group first tried to sell these arsenals in an auction, but in the end there was no buyers, so they decided to give these hacking tools online for free. Therefore, malware developers could easily gain access to the Shadow Brokers package from the dark web and deliver exploits.

Among all the hacking tools leaked, FUZZBUNCH, a well-developed package to deliver the exploits, drew the most attention. It had modules to install a backdoor program, allowing a malicious hacker to execute codes remotely to infect a victim’s PC.

Over 20 exploits were leaked and could be deployed by FUZZBUNCH to attack Windows computers through opening a connection with which attackers could insert malware to a target system.

“This is a nation-state toolkit available for anyone who wants to download it – anyone with a little bit of technical knowledge can download this and hack servers in two minutes,” Matthew Hickey, cofounder of British security company Hacker House, said. “It’s as bad as you can imagine.”

Most leaked NSA Windows exploits are designed to take advantage of vulnerabilities existing in the SMB (Server Message Block) protocol. This service enables file sharing between Windows computers.

Install Microsoft patches NOW to prevent potential malware infection

To access how many potential victims are vulnerable to the leaked hacking tools, BelowoDay, a cyber-security company, conducted a scan for Windows computers with open SMB ports. The scan result indicated an approximate number of 5.5 million PCs were exposed to the unsafe external connections.

Unpatched Windows systems, ranging from Windows 2000 to Windows 8 and Server 2012, are vulnerable to the Shadow Brokers dump. Fortunately, Microsoft has released security patches for most of the vulnerabilities. Users are strongly recommended to install the patches immediately to stay safe away from the potential attacks.