Chinese, Russian Cyber Groups Research Shadow Brokers Malware
Cyber communities in China and Russia have started digging into the most recent release of malware from Shadow Brokers.
Chinese and Russian cyber communities have begun investigating malware disclosed in the April Shadow Brokers data dump, reports Recorded Future.
Earlier this month, the Shadow Brokers hacking group released a series of tools allegedly belonging to the NSA. Now foreign security researchers and cyber actors are digging into these previously undisclosed vulnerabilities and exploits, and learning how they work.
"The criminal underground has spotted a huge opportunity here to piggyback on these exploits before there's large-scale patching across the world," says Levi Gundert, VP of intelligence and strategy at Recorded Future.
Recorded Future's research indicates there is broad interest in Shadow Brokers' tools among the Chinese and Russian cyber communities. Many actors likely see potential to make a lot of money through spam, botnets, ransomware, and other new tools, he continues.
When the Shadow Brokers release was announced, researchers pulled key trends and phrases around tools specifically mentioned in dark web forms and monitored their activity. They noticed communities were particularly interested in the exploit framework, SMB malware, and the privilege escalation tool.
Specifically, Chinese actors are looking into unique malware triggers. Many seem to think the underlying vulnerability exploited by these tools has not been fully patched. What's more, Chinese APT groups have shown they can quickly weaponize zero-day vulnerabilities -- another sign that threat actors from the country may reuse the Shadow Brokers malware.
"This is really a feeding frenzy for the criminal community," Gundert says of the Shadow Brokers leak. "It's like Christmas has come early for them."
He anticipates we'll see an increase in chatter throughout these communities, and growth of exploitation and monetization as cybercriminals pursue opportunities to improve their hacking techniques based on higher-level toolsets. It's clear they come from an advanced group.
"These are very sophisticated tools and techniques, generally above the reach of the criminal underground community," he explains.
For businesses trying to protect themselves, Gundert recommends understanding what these exploits are, and ensuring there is a vulnerability management program in place.
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024