On Halloween morning, Monday, Oct. 31, the mysterious hacker group Shadow Brokers was back with a new online leak that is claimed to reveal hundreds of organizations spied on by the United States National Security Agency (NSA) over more than a decade.
New Shadow Brokers Leak
According to Fortune, the Shadow Brokers group released a new cache of files online, revealing the network designations or IP addresses of computer servers supposedly compromised by The Equation Group. The Equation Group is rumored to be a hacker outfit linked to the NSA. According to a tweet, the list contains hundreds of targets of cyber-espionage performed by the NSA-linked group from the 2000s. On the list are targets in countries such as India, Russia, Iran, Pakistan and South Korea, as well as email providers and universities in China.
The Shadow Brokers group already created seismic waves in August when it made public some of the NSA's most elite hacking tools. Now, the hacker group is back in the spotlight with its new leak. In a Medium post, the Shadow Brokers announced in broken English on Monday morning that the group is "having special trick or treat for Amerikanskis tonight." That the post belongs to the hacker group is confirmed by the fact that it is signed with the same cryptographic key used in the August posts.
According to Ars Technica, Monday's leak came just as former NSA contractor Harold Thomas Martin III remains in federal custody on charges that he amassed an impressive 50 terabytes of data in his suburban Maryland home. An important share of the data includes highly classified information, such as highly sensitive methods behind intelligence operations and the names of U.S. intelligence officers. Investigators looking into the Shadow Brokers' August leak also discovered Martin's data breach. However, it is not clear what connection Martin has to the Shadow Brokers group's leaks.
The Equation Group
The "omnipotent" Equation Group of hackers tied to the NSA was found at last, after hiding for 14 years. Originally, Equation Group was a name given to an elite team of NSA-tied hackers by researchers from Moscow-based Kaspersky Lab. Some of the Windows flaws exploited by The Equation Group were later targeted by the Stuxnet worm that attacked the nuclear program of Iran.
Until Kaspersky researchers brought it to light, The Equation Group was able to operate undetected for more than 14 years. There is no evidence that "Equation Group" was the name anyone inside the group used; it is simply what the researchers dubbed it.
According to analyses from researchers posted on the websites myhackerhouse.com and pastebin.com, Monday's dump contains 306 distinct domain names and 352 IP addresses that purportedly have been hacked by the NSA. The servers were targeted between Aug 22, 2000 and Aug 18, 2010, according to the timestamps included in the leak. Among the addresses are nine .gov domains and 32 .edu domains.
The targets were located in a total of 49 countries. The top targeted countries include Russia, Korea, Japan, China, Taiwan, India, Germany, Spain, Italy and Mexico.
The dump also includes other interesting pieces of data, such as the configuration settings for a toolkit used to hack servers running Unix operating systems. The list could be used, if valid, by various organizations to uncover attacks that spanned more than a decade and were, until recently, closely guarded secrets. The servers were mostly running Sun Microsystems' Solaris operating system, which was widely used in the early 2000s. FreeBSD and Linux are also shown on the leaked spreadsheet.
This new leak fuels a new NSA spying scandal right at a time of controversial cyberattack claims. The American government recently pointed to Russia as the country behind recent hacks of American online targets, including an alleged attempt to hijack American presidential elections. The NSA has not yet officially commented on the spying issue uncovered by the new leak.