A group calling itself the Shadow Brokers has publicly released a collection of hacking tools allegedly stolen from a US intelligence agency. The leaked tools target multiple software products and operating systems.

eSentire expects that these leaked tools will be actively used by cybercriminals. Documents accompanying the disclosure are said to reveal targeted intelligence operations against major companies, including SWIFT. These claims have not been publicly confirmed.


Recommended Actions:

  • The majority of the Windows-related vulnerabilities were patched in the March 14, 2017 security update. Ensure that the appropriate Microsoft security updates are applied to all affected products.
  • Contact the affected vendors for patch availability.
  • Migrate away from any end-of-life Microsoft products as soon as possible; end-of-life versions do not receive security updates.


Additional Details:

  • Affected software includes the following products:
    • Red Hat 7.0 - 7.1
    • Sendmail 8.11.x
    • Solaris 6, 7, 8, 9 & 10 (possibly newer)
    • Samba 3.0.x
    • IBM Lotus Notes & IBM Lotus Domino 6.5.4 - 8.5.2
    • IMail 7.04 - 8.22
    • Windows NT 4.0, 2000, XP SP1 & SP2, Vista, Server 2003 SP1, Server 2008 and 2008 R2, Windows 7 SP1, Windows 8
  • None of the listed vulnerabilities affect Microsoft Office on Mac OS X.
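The practical first step for the recommended actions is to find out which hosts in your estate run something on the list above. The script below is an added example, not part of the original advisory or eSentire tooling: it transcribes the product list into version matchers and triages a constructed sample inventory against it. Version ranges are compared on numeric components, so "Samba 3.0.37" matches the 3.0.x series, "Lotus Domino 8.5.2 FP4" falls inside 6.5.4 - 8.5.2, and "Lotus Domino 8.5.3" does not. Solaris releases newer than 10 are reported as "possibly affected", mirroring the advisory's wording. The host names, products and versions in INVENTORY are constructed sample data.

```python
"""Triage a host/software inventory against the product list in this advisory.

Added example: the AFFECTED table is transcribed from the advisory's
"Additional Details" list; INVENTORY is constructed sample data.
"""
import re
from typing import Callable, Dict, List, Tuple

Version = Tuple[int, ...]
Matcher = Callable[[str], str]  # raw version string -> verdict


def parse_version(text: str) -> Version:
    """'8.5.2 FP4' -> (8, 5, 2, 4): every run of digits becomes a component."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def between(lo: str, hi: str) -> Matcher:
    """Inclusive range; each bound is compared on as many components as it has."""
    lo_t, hi_t = parse_version(lo), parse_version(hi)

    def check(raw: str) -> str:
        v = parse_version(raw)
        inside = lo_t <= v[: len(lo_t)] and v[: len(hi_t)] <= hi_t
        return "affected" if inside else "not listed"

    return check


def series(prefix: str) -> Matcher:
    """'3.0.x'-style series: leading components must equal the prefix."""
    p = parse_version(prefix)
    return lambda raw: "affected" if parse_version(raw)[: len(p)] == p else "not listed"


def solaris(raw: str) -> str:
    """Solaris 6-10 are listed; the advisory says newer releases are 'possibly' affected."""
    major = parse_version(raw)[:1]
    if (6,) <= major <= (10,):
        return "affected"
    if major > (10,):
        return "possibly affected"
    return "not listed"


def _norm(release: str) -> str:
    """Case/whitespace-insensitive Windows release name, ignoring 'Windows'/'Server'."""
    return " ".join(t for t in release.lower().split() if t not in ("windows", "server"))


def one_of(*releases: str) -> Matcher:
    """Exact release-name match for products that are not numbered linearly (Windows)."""
    listed = {_norm(r) for r in releases}
    return lambda raw: "affected" if _norm(raw) in listed else "not listed"


# Transcribed from the advisory's list of affected products.
AFFECTED: Dict[str, Matcher] = {
    "Red Hat": between("7.0", "7.1"),
    "Sendmail": series("8.11"),
    "Solaris": solaris,
    "Samba": series("3.0"),
    "IBM Lotus Notes": between("6.5.4", "8.5.2"),
    "IBM Lotus Domino": between("6.5.4", "8.5.2"),
    "IMail": between("7.04", "8.22"),
    "Windows": one_of("NT 4.0", "2000", "XP SP1", "XP SP2", "Vista",
                      "2003 SP1", "2008", "2008 R2", "7 SP1", "8"),
}

# Constructed sample inventory: (host, product, version).
INVENTORY: List[Tuple[str, str, str]] = [
    ("mail01", "Sendmail", "8.11.6"),
    ("files02", "Samba", "3.0.37"),
    ("files03", "Samba", "3.6.25"),
    ("notes01", "IBM Lotus Domino", "8.5.2 FP4"),
    ("notes02", "IBM Lotus Domino", "8.5.3"),
    ("sun01", "Solaris", "10"),
    ("sun02", "Solaris", "11.3"),
    ("dc01", "Windows", "Server 2008 R2"),
    ("ws17", "Windows", "XP SP3"),
    ("ws42", "Windows", "10"),
    ("web01", "nginx", "1.10.3"),
]


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Return (host, product, version, verdict) rows, affected hosts first."""
    rows = []
    for host, product, version in inventory:
        matcher = AFFECTED.get(product)
        verdict = matcher(version) if matcher else "not listed"
        rows.append((host, product, version, verdict))
    order = {"affected": 0, "possibly affected": 1, "not listed": 2}
    return sorted(rows, key=lambda r: order[r[3]])  # stable: keeps inventory order within a verdict


if __name__ == "__main__":
    for host, product, version, verdict in triage(INVENTORY):
        print(f"{verdict:18} {host:8} {product} {version}")
```

Note that "not listed" means exactly that: the host does not match the advisory's list, not that it is safe. Windows XP SP3, for example, is not on the list above, so the script does not flag it, even though it is long past end of life and falls under the third recommended action regardless.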


References:

Microsoft statement:
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/

SWIFT statement:
https://www.swift.com/news-events/press-releases/media-faq_shadow-brokers
