Equation Group
advanced persistent threat

The Shadow Brokers are back with exploits for Windows and global banking systems

Next Story

Watch the first trailer for ‘Star Wars: The Last Jedi’

It’s been several months since their last major exploit, but the hacking group dubbed Shadow Brokers is back. The group, which last year dumped malware it had allegedly stolen from The Equation Group, a hacking team associated with the NSA, posted new files over the weekend and followed up today with a dump of Windows exploits.

The latest files contain tools apparently designed to access Windows machines, as well as slideshows documenting the targeting of banking systems.

“Is being too bad nobody deciding to be paying theshadowbrokers for just to shutup and going away. TheShadowBrokers rather being getting drunk with McAfee on desert island with hot babes,” the group wrote in a post announcing the file release.

Security researchers analyzing the files say that The Equation Group targeted VPNs and firewalls to gain access to banking systems. The newly published exploits appear to primarily target older versions of Windows, but some appear to be as current as Windows 8.

Researchers are still combing through the files to see what’s fresh and what isn’t. So far, some of the most significant exploits appear to center around SWIFT Alliance Access (SAA), a flagship financial messaging interface used by banks around the world. The files suggest that the NSA is actively targeting international banking bureaus, specifically through a widespread global protocol for secure financial messaging and transactions. According to the files, two NSA programs known as JEEPFLEA_POWDER and JEEPFLEA_MARKET exist to specifically compromise SWIFT bureaus and services.

TechCrunch has contacted Microsoft and SWIFT for comment and will update if we hear back.

Update: A Microsoft spokesperson told TechCrunch that “We are reviewing the report and will take the necessary actions to protect our customers.”

Update 2 (4/15/17): Microsoft says that, after investigating exploits, it has been able to patch most, while the remaining won’t reproduce on systems running Windows 7 and above. So anyone with a relatively recent version of the operating system should be covered. Those with older versions, however, might still be at risk with unsupported systems — as compelling a reason as any to consider an upgrade.