
The Shadow Brokers dumps list of NSA-targeted servers

In its latest data dump, The Shadow Brokers dropped a list of Equation Group-targeted servers across the globe that may have been used to stage NSA exploits and hacking tools.

The entity known as The Shadow Brokers dumped a data file Monday containing a list of servers targeted by the NSA-linked Equation Group and potentially used as staging servers for cyberattacks.

The disjointed message, the fifth from The Shadow Brokers, claims the servers listed in the dump were compromised by the Equation Group and then used to stage the group's exploits and hacking tools. The message, which was linked to download pages on websites Mega and Yandex, was signed with the same PGP key used to sign previous messages from The Shadow Brokers. The server list included timestamps with each server, dating as far back as August 2000 and as recently as August 2010.

The Shadow Brokers has already shaken the cybersecurity world with its release of Equation Group exploits for security devices from Cisco, Fortinet and others. In the latest message the group railed against U.S. political corruption and news organizations and ended with a call to disrupt the upcoming U.S. presidential election, as well as a short description of the contents of the encrypted file.

The list includes servers that were used by the Equation Group to stage attacks, the message read, referring to the Equation Group PITCHIMPAIR software exploit kit. Other IP addresses were released in connection with the INTONATION hacking tool; 329 IP addresses in all, with 41 located in China, 32 in Japan and 31 in Korea. Only four IP addresses in the list were located in the U.S.

In an attempt to drum up support for the auction it claimed was being conducted for access to cyberweapons used by Equation Group, The Shadow Brokers' message ended with a warning that owners of the systems listed should be careful if they decide to search for Equation Group cyberweapons because the "rootkit will self-destruct," and investigators should make a "cold forensic image" of the systems for research purposes.

Reaction to the dump was swift. Mustafa Al-Bassam, doctoral researcher with the Information Security Research Group at the University College London, noted on Twitter that the list demonstrates one reason cyber attribution is difficult.

And Liverpool, U.K.-based security architect Kevin Beaumont noted the list of servers was quite old and likely not to have much value.
