A group calling itself the Shadow Brokers has publicly released a collection of hacking tools that were allegedly stolen from a US intelligence agency. The released tools affect multiple software products and operating systems.

eSentire expects that these leaked tools will be actively used by cybercriminals. Documents that accompanied the disclosure are said to reveal targeted intelligence operations against major companies including SWIFT. These claims have not been publicly confirmed.

 

Recommended Actions:

  • The majority of Windows-related vulnerabilities have been patched in the March 14, 2017 security update. Ensure that appropriate MS security updates are applied to all affected products.
  • Contact affected vendors for patch availability.
  • Migrate away from any end-of-life Microsoft products as soon as possible.

 

Additional Details:

  • Exposed software includes the following products:
    • Red Hat 7.0 - 7.1
    • Sendmail 8.11.x
    • Solaris 6, 7, 8, 9 & 10 (possibly newer)
    • Samba 3.0.x
    • IBM Lotus Notes & IBM Lotus Domino 6.5.4 - 8.5.2
    • IMail 7.04 - 8.22
    • Windows NT 4.0, 2000, XP SP1 & SP2, Vista, 2003 SP1, 2008 and 2008 R2, Windows 7 SP1, Windows 8
  • The vulnerability does not affect Microsoft Office on Mac OS X.

 

References:

Microsoft statement:
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

SWIFT statement:
https://www.swift.com/news-events/press-releases/media-faq_shadow-brokers
