Cisco confirms Shadow Brokers vulnerabilities are real

Concerns are rising over the security and integrity of NSA data

NSA data

Cisco has confirmed two exploits in a cache of "cyber weapons" are legitimate, prompting fears over the security of NSA data.

A group calling itself Shadow Brokers claimed it had cracked into an NSA-associated hacking group earlier this week, alleging it was auctioning off a collection of malware files belonging to NSA-linked cyber attack group Equation Group.

The confirmation follows speculation Russia was responsible for the hack, though there is little evidence to prove this is the case.

The files, described as "cyber weapons", are being auctioned off by the group for bitcoin. Shadow Brokers says it could release the code to the files for free if it passes its target of one million bitcoins.

The amount is equivalent to one fifteenth of the total amount of bitcoin in circulation, according to Kaspersky.

The security company said it had a high degree of confidence that the Shadow Brokers' tools are related to the Equation Group, and that the chances they are faked are "highly unlikely".

Whistle-blower organisation WikiLeaks said it had obtained its own copy of the archive, which it plans to release "in due course".

Edward Snowden has suggested the breach is a warning that if the US accuses Russia of hacking into the Democratic National Party (DNC) and leaking private documents, it will leak confidential US cyber intelligence in response.

"I suspect this is more diplomacy than intelligence, related to the escalation around the DNC hack," he tweeted. "This leak is likely a warning that someone can prove US responsibility for any attacks that originated from this malware server ... that could have significant foreign policy consequences."

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021
Mimecast admits hackers accessed users’ Microsoft accounts
Security

Mimecast admits hackers accessed users’ Microsoft accounts

13 Jan 2021
What is public key infrastructure (PKI)?
Security

What is public key infrastructure (PKI)?

12 Jan 2021

Most Popular

150,000 arrest records accidentally deleted from police database
data management

150,000 arrest records accidentally deleted from police database

15 Jan 2021
How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

12 Jan 2021