ShadowBrokers dump Equation group hacked servers in publicity push


The ShadowBrokers cyberthreat group used Halloween to dump a list of hacked servers that the Equation Group allegedly compromised and used as infrastructure in its cyberattack campaigns.

On Monday, as reported by ThreatPost, the cyberattackers dumped a list of compromised Sun Solaris and Linux servers apparently used as staging infrastructure by the US National Security Agency (NSA)-linked Equation Group, which Kaspersky originally dubbed the "most advanced" threat group ever recorded.

The entries, however, are old, dating from 2001 to 2010. The majority of the IP addresses in the list are located in countries including China, Japan, Bosnia, South Korea, Iran, and Russia.

A list of the compromised servers included in the dump can be found here.

In an online message made up of garbled English and political raving, the group blasted the US government, media, and economy, and issued a thinly-veiled threat to disrupt the upcoming US election.

The ShadowBrokers say: (original spelling & grammar preserved)

“Maybe hacking election is being the best idea? [..] Maybe peoples not be going to work, be finding local polling places and protesting, blocking , disrupting , smashing equipment, tearing up ballots?

The wealthy elites is being weakest during elections and transition of power. Is being why USSA is targeting elections in foreign countries. Don’t beleiving? Remembering Iran elections? Rembering stuxnet?”

At the end of the message, the group included a link to two dumps containing the lists of compromised servers.

Speaking to the publication, Comae security researcher Matt Suiche said there is “not much to see” in the file dump, with little more than metadata and some configuration variables on offer — rather than any exploits, zero-day vulnerabilities or source code.

In August, the cyberattackers released a set of highly advanced hacking tools whose code fingerprints were almost identical to those of known Equation Group malware.

It may be, however, that the latest leak is little more than scraping the bottom of the barrel for less valuable information to keep the ShadowBrokers name alive on social media and online as a whole. The group has been trying to sell an apparent treasure trove of exploits and hacking tools that allegedly belonged to the Equation Group, but with little success.

See also: Shadow Brokers launch auction for Equation Group hacking cache

“How bad do you want it to get?,” the ShadowBrokers write. “When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!”

At the time of writing, the auction has reached 2.006074 BTC, which equates to roughly $1,400, a drop in the ocean compared to the ShadowBrokers' original demand for one million Bitcoin.

More security news

Symantec launches endpoint protection solution based on artificial intelligence

Symantec has launched Endpoint Protection 14, a new security solution which harnesses artificial intelligence to protect clients.


Announced on Tuesday, the new security offering is powered by AI and machine learning on the endpoint and in the cloud.

Symantec says that by harnessing machine learning to collate data and detect patterns and anomalies that may indicate a cyberattack, the product provides "a multi-layered solution able to stop advanced threats and respond at the endpoint regardless of how the attack is launched."

Symantec Endpoint Protection combines machine learning, memory exploit mitigation and threat intelligence provided by Symantec and Blue Coat, which combined their research and security operations in October after Symantec completed the acquisition of Blue Coat for $4.6 billion.

The company also says that the solution achieves 99.9 percent efficacy and low false positives, with a 70 percent smaller footprint on the endpoint compared with past versions of its endpoint software.

Symantec Endpoint Protection 14 is now available.

See also: ARM, Symantec build security standard for Internet of Things

Mike Fey, president and chief operating officer at Symantec, commented:

“Multi-layered protection, enabled by artificial intelligence, backed by the world’s largest and most powerful threat intelligence force, and powered by the cloud — this is literally the smartest choice in endpoint technologies.

Symantec Endpoint Protection 14 is an essential element of an integrated cyber defense strategy that enterprises require to combat today’s advanced threats.”

In September, Symantec unveiled Symantec Endpoint Protection Cloud, a tool designed for SMBs to manage antivirus and firewall software, as well as mobility and encryption services.
