Hacking group Shadow Brokers infiltrate NSA Equation Group

Militarization of cyberspace is no longer a novelty. Instances of governments using sophisticated zero-day malware against other nations’ organizations and industry have been seen before now. This week a previously unknown group calling themselves “Shadow Brokers” claimed to have infiltrated a server belonging to Equation Group, a hacking group allegedly linked to the US National Security Agency (NSA).

State-sponsored cyberwarfare is complex, difficult to evaluate and the potential impact has many ramifications; one of which is the risk that these hacking tools and resources can end up in the wrong hands, as proved by this week´s events.

Shadow Brokers published some of the stolen data as evidence of the hack and has since started auctioning off the rest of the files, some for as much as 1m bitcoins. The stolen files could contain Equation Group´s highly sophisticated and complex cyber weapons as well as evidence of the operations on which they were used. Speculation remains tentative, however it´s been reported that more than 300 files were stolen and former members of the US intelligence community have said the NSA´s hacking division source code published online appears to be authentic.

Researchers have also suggested that the leaked information is likely to have originated from a compromised system outside the NSA´s network as opposed to a direct hack, highlighting the importance of external threat intelligence in any organization.

Politics aside, one thing´s for certain – a confirmed leak of Equation Group data has serious global implications for the tech industry.

Former NSA employee, Edward Snowden, tweeted about the incident on Tuesday offering some insight about a potentially deeper issue. Snowden commented that the hack of an NSA server is not unprecedented, but that the level of publicity garnered by Shadow Hackers is unexpected. Snowden´s tweet suggests the incident has diplomatic significance between the US and Russia and could be a warning from the latter in response to recent accusations against Russia.

Blueliv is a leading cyber threat intelligence provider with a world class in-house Labs team. The Blueliv threat intelligence platform facilitates custom filtering and generates targeted, actionable intel to strengthen your organization´s defenses from the outside-in.

Join the Blueliv Threat Exchange Network to collaborate with other industry peers about the topics and trends most relevant to your organization.


Read our free cyber security and cyber threat reports

Read now
Demo Free Trial MSSP