
Security advisories | Feb 26, 2019

Shadow Brokers Hacking Tools Leak

A group calling itself the Shadow Brokers has publicly released a collection of hacking tools that were allegedly stolen from a US intelligence agency. The released tools affect multiple software products and operating systems.

eSentire expects that cybercriminals will actively use these leaked tools. Documents that accompanied the disclosure are said to reveal targeted intelligence operations against major companies, including SWIFT. These claims have not been publicly confirmed.

Recommended Actions:

  • The majority of the Windows-related vulnerabilities were patched in the March 14, 2017 security update. Ensure that the appropriate Microsoft security updates are applied to all affected products.
  • Contact affected vendors for patch availability.
  • Migrate away from any end-of-life Microsoft products as soon as possible.

Additional Details:

  • Exposed software includes the following products:
    • RedHat 7.0 - 7.1
    • Sendmail 8.11.x
    • Solaris 6, 7, 8, 9 & 10 (possibly newer)
    • Samba 3.0.x
    • IBM Lotus Notes & IBM Lotus Domino 6.5.4 - 8.5.2
    • IMail 7.04 - 8.22
    • Windows NT4.0, 2000, XP SP1 & SP2, Vista, 2003 SP1, 2008 and 2008 R2, Windows 7 SP1, Windows 8
  • The vulnerability does not affect Microsoft Office on Mac OS X.


Microsoft statement:

SWIFT statement