A year ago, when the mysterious hacking group ‘The Shadow Brokers’ dumped a massive trove of sensitive data stolen from the US intelligence agency NSA, everyone began looking for secret hacking tools and zero-day exploits.
A group of Hungarian security researchers from CrySyS Lab and Ukatemi has today revealed that the NSA dump doesn’t just contain zero-day exploits used to take control of targeted systems, but also includes a collection of scripts and scanning tools the agency uses to track the operations of hackers from other countries.
According to a report published today by the Intercept, the NSA’s specialised team known as Territorial Dispute (TeDi) developed scripts and scanning tools that help the agency detect other nation-state hackers on the machines it infects.
NSA hackers used these tools to scan targeted systems for ‘indicators of compromise’ (IoCs) in order to protect the agency’s own operations from being exposed, as well as to find out what foreign threat actors are stealing and which hacking techniques they are using.
“When the NSA hacks machines in Iran, Russia, China and elsewhere, its operators want to know if foreign spies are inside the same machines because these hackers can steal NSA tools or spy on NSA activity inside the machines,” the publication reports.
“If the other hackers are noisy and reckless, they can also cause the NSA’s own operations to get exposed. So based on who else is on a machine, the NSA might decide to withdraw or proceed with extra caution.”
The NSA’s Territorial Dispute team maintains a database of digital signatures, like fingerprints for files and code snippets from various hacking groups, to track APT operations for attribution.
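The signature-and-fingerprint database described above, as an added illustrative example that is not the article's or the NSA's own code: a small Python scanner that checks files against known-bad SHA-256 hashes and byte-level snippets, and reports which tracked group each hit is attributed to. The group labels, snippet patterns and sample files are constructed placeholders; a real deployment would load a curated signature feed instead.

```python
"""
Added example (not from the article or from the TeDi tooling): a minimal
signature-based IoC scanner. It matches files against (a) a hash database and
(b) byte-snippet regexes, then collapses the hits into the set of tracked
groups present on the host. All labels, snippets and sample files are
constructed placeholders.
"""
import hashlib
import os
import re
import tempfile

# Constructed snippet database: group label -> byte regexes seen in that
# group's tooling. Real feeds would carry many more, with provenance.
SNIPPET_SIGNATURES = {
    "GROUP-A (placeholder)": [
        re.compile(rb"c2\.example\.invalid"),          # hard-coded C2 host
        re.compile(rb"\x90\x90\x90\x90\xe8"),          # NOP sled + CALL stub
    ],
    "GROUP-B (placeholder)": [
        re.compile(rb"dropper_v[0-9]+\.dll"),          # versioned dropper name
    ],
}


def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large binaries don't sit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_file(path, hash_db, snippet_db):
    """Return a sorted list of (group, evidence) hits for one file."""
    hits = []
    digest = sha256_file(path)
    if digest in hash_db:
        hits.append((hash_db[digest], "sha256:" + digest))
    with open(path, "rb") as f:
        data = f.read()
    for group, patterns in snippet_db.items():
        for pat in patterns:
            m = pat.search(data)
            if m:
                hits.append((group, "snippet@%d:%r" % (m.start(), pat.pattern)))
    return sorted(hits)


def scan_tree(root, hash_db, snippet_db):
    """Walk root; return {relative_path: hits} for files with at least one hit."""
    report = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            hits = scan_file(path, hash_db, snippet_db)
            if hits:
                report[os.path.relpath(path, root)] = hits
    return report


def attribute(report):
    """Collapse a scan report into the sorted set of groups present on the host."""
    return sorted({group for hits in report.values() for group, _ in hits})


def demo():
    """Build a constructed sample tree, scan it, and return (report, groups)."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample files, not real malware
            "bin/implant.bin": b"MZ\x90\x00" + b"A" * 32 + b"\x90\x90\x90\x90\xe8\x00\x00\x00\x00",
            "etc/config.ini": b"[net]\nserver=c2.example.invalid\n",
            "tmp/dropper_v3.dll": b"PE\x00\x00" + b"dropper_v3.dll" + b"\x00" * 16,
            "docs/readme.txt": b"nothing to see here\n",
        }
        for rel, content in samples.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(content)
        # Hash signature for one "known" sample, computed here so the example
        # stays self-contained (a real database ships the digests).
        hash_db = {sha256_file(os.path.join(root, "bin/implant.bin")): "GROUP-A (placeholder)"}
        report = scan_tree(root, hash_db, SNIPPET_SIGNATURES)
        return report, attribute(report)


if __name__ == "__main__":
    report, groups = demo()
    for path, hits in sorted(report.items()):
        for group, evidence in hits:
            print(f"{path}: {group} ({evidence})")
    print("groups present:", groups)
```

Hash matches are exact and cheap but break on any recompilation of the tool, while snippet matches survive rebuilds at the cost of possible false positives; a practical scanner keeps both kinds of evidence and reports them separately, as `scan_file` does, so an analyst can weigh them.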
According to the researchers, when the Shadow Brokers hacked the NSA’s networks and stole a collection of sensitive files in 2013, the agency was tracking at least 45 different state-sponsored APT groups.
It also appears that the NSA hackers were tracking some of the tools from Dark Hotel in 2011, about three years before the wider security community discovered the hacking group.
Dark Hotel is a sophisticated cyber espionage group believed to be from South Korea, well known for targeting hotel Wi-Fi networks to spy on senior-level executives at organisations in manufacturing, defense, investment capital, private equity, automotive and other industries.
The researchers plan to release their findings on the NSA scripts and scanning tools this week at the Kaspersky Security Summit in Cancun, which would likely help other researchers dig through the data and identify more of the APT groups the NSA is hunting.
“The team also hopes the information will help the community classify some malware samples and signatures that have previously been uncovered by the security community but remain unattributed to a specific threat group because researchers don’t know to which advanced hacking group they belong,” the Intercept says.
Cryptography and System Security (CrySyS Lab) is best known for uncovering an Israeli spying tool called Duqu in 2011, which was believed to have been developed by the same Israeli hackers who, with U.S. help, developed the infamous Stuxnet malware for sabotaging Iran’s nuclear program.