Juniper has confirmed that an initial analysis of malware linked to the National Security Agency appears to affect its firewalls.
But the company said it would not release a security advisory or patches until it knew exactly what it was dealing with.
A group calling itself the Shadow Brokers claimed to have stolen a set of hacking tools from a group dubbed the Equation Group. The Shadow Brokers described the tools as “cyber weapons” used to attack targets running vulnerable networking hardware, allowing its operators to conduct surveillance.
Exactly who created the hacking tools was shrouded in mystery, but a detailed analysis of the Edward Snowden documents earlier this week showed that the tools were owned and used by the National Security Agency.
Juniper said in a blog post that the company was “examining the extent of the attack,” but that the analysis “indicates it targets the boot loader and does not exploit a vulnerability on ScreenOS devices.”
That includes a number of its firewalls, and possibly other devices, like its VPN management hardware.
“We will continue to evaluate exactly what level of access is necessary in order to execute the attack, whether it is possible to detect the attack, and if other devices are susceptible,” the company said.
Cisco and Fortinet had already confirmed that exploits found in the leaked cache affected its products.
It’s not the first time Juniper has been caught up in the aftermath of the Snowden leaks. Last year, the company found “unauthorized code” in its software that effectively allowed two backdoors to exist for three years.
One of the backdoors was later blamed on the NSA.