The hacker group Shadow Brokers is known for revealing hacking tools used by the NSA. After being quiet for some time, the group is back in the news with a Halloween surprise for the NSA, and it is scarier than before.
The new leak contains a list of more than 300 IP addresses and more than 300 domain names the Equation Group may have compromised. According to a Hacker House analysis, the affected hosts appear to be spread around the world. “However, the top 10 impacted countries are China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy & Russia,” Hacker House reports. “The top three, China, Japan and Korea, make up a substantial number of the attacked hosts.”
Top 3 Targeted Countries — China, Japan, and Korea
Experts believe the data dump contains 306 domain names and 352 IP addresses belonging to at least 49 countries. As many as 32 of the domains were run by educational institutes in China and Taiwan.
A few target domains were based in Russia, and at least nine of the domains are .gov websites.
The top 10 targeted countries include China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy, and Russia.
The latest dump has been signed with the same key as the first Shadow Brokers dump of NSA exploits, though much work remains to fully validate the contents of the leaked data.
“USSA elections is coming! 60% of Amerikansky never voting,” the group wrote. “TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016. If peoples is not being hackers, then #disruptelection2016, #disruptcorruption2016. Maybe peoples not be going to work, be finding local polling places and protesting, blocking, disrupting, smashing equipment, tearing up ballots?”
Targeted Systems — Solaris, Unix, Linux and FreeBSD
Security researcher Mustafa Al-Bassam, an ex-member of LulzSec and the Anonymous hacking collective, said the NSA likely compromised all the servers between 2000 and 2010.
“So even the NSA hacks machines from compromised servers in China and Russia. This is why attribution is hard,” Al-Bassam added.