UPDATE: Microsoft has issued patches for all supported modern systems. All Windows users should either update or upgrade immediately.
Hacking tools allegedly used by the National Security Agency were leaked online early Friday by the group known as “The Shadow Brokers.”
The mysterious entity, which last August also released a large cache of tools purportedly stolen from “the Equation Group,” an elite hacking team believed to be NSA, published it’s most substantial material yet by exposing powerful exploits against Microsoft Windows systems and targeted banks in the Middle East.
The dump, deemed “the most damaging” for the NSA since Edward Snowden by computer security expert Nicholas Weaver, includes numerous tools that utilize unknown exploits, or “zero days,” against every Windows operating system prior to version 10.
One tool, known as FUZZBUNCH, is causing concern among cybersecurity experts given its ability to automate the creation and deployment of NSA malware.
FUZZBUNCH is a tool that lets you hack into pretty much any Microsoft Windows NT/2000/XP/2003/VISTA/7/2008/8/2012 computer in the world.
— Hacker Fantastic (@hackerfantastic) April 14, 2017
“This FUZZBUNCH framework contains the closest thing to a cyber weapon since Stuxnet,” Matthew Hickey, known as Hacker Fantastic, told tech outlet Motherboard. “It is packed full of exploits. It’s Metasploit but with zero-days.”
This is what it looks like to be a hacker at the NSA. Weaponized #0day metasploit you can use with beautiful GUI interfaces and slick code. pic.twitter.com/9HUq144Cxf
— Hacker Fantastic (@hackerfantastic) April 14, 2017
According to Weaver, the timing of the release is also troublesome given that countless hackers will now have access to the tools over the Easter weekend.
“Normally, dumping these kinds of documents on a Friday would reduce their impact by limiting the news cycle,” Weaver wrote. “But Friday is the perfect day to dump tools if your goal is to cause maximum chaos; all the script kiddies are active over the weekend, while far too many defenders are offline and enjoying the Easter holiday.”
The exploits in this dump are kinda a big deal. Remote SYSTEM is the good stuff. MSFT security team won’t get Easter vacation time
— the grugq (@thegrugq) April 14, 2017
Specific targets, according to former LulzSec hacker Mustafa Al-Bassam, include banking and oil companies in numerous Middle Eastern countries.
NSA completely hacked @EastNets, a global anti-money laundering company, inside out. pic.twitter.com/PP55fjBy4r
— Mustafa Al-Bassam (@musalbas) April 14, 2017
Although dated back to 2013, the tools, which are estimated to be worth as much as $2 million on the gray market, will likely be useful for years to come.
The NSA is now receiving criticism for reportedly not revealing the vulnerabilities, which The Shadow Brokers had hinted were coming back in January, to Microsoft after the tools were stolen – leaving millions of Windows users worldwide totally defenseless.
Shadow Brokers previously advertised these Windows exploits, with codenames, in January. NSA knew what was coming https://t.co/3WijxUaxTQ pic.twitter.com/m57t5zlESV
— Joseph Cox (@josephfcox) April 14, 2017
Speaking with The Intercept, a Microsoft representative confirmed that no one had contacted the company about the exploits prior to today’s data dump.
“At this time, other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers,” the spokesperson said.
The Emergency Election Sale is now live! Get 30% to 60% off our most popular products today!