Chinese, Russian Cyber Groups Research Shadow Brokers Malware

  /     /     /  
Publicated : 22/11/2024   Category : security


Chinese, Russian Cyber Groups Research Shadow Brokers Malware


Cyber communities in China and Russia have started digging into the most recent release of malware from Shadow Brokers.



Chinese and Russian cyber communities have begun investigating malware disclosed in the April Shadow Brokers data dump, reports Recorded Future.
Earlier this month, the Shadow Brokers hacking group released a series of tools allegedly belonging to the NSA. Now foreign security researchers and cyber actors are digging into these previously undisclosed vulnerabilities and exploits, and learning how they work.
The criminal underground has spotted a huge opportunity here to piggyback on these exploits before theres large-scale patching across the world, says Levi Gundert, VP of intelligence and strategy at Recorded Future.
Recorded Futures
research indicates
there is broad interest in Shadow Brokers tools among the Chinese and Russian cyber communities. Many actors likely see potential to make a lot of money through spam, botnets, ransomware, and other new tools, he continues.
When the Shadow Brokers release was announced, researchers pulled key trends and phrases around tools specifically mentioned in dark web forms and monitored their activity. They noticed communities were particularly interested in the exploit framework, SMB malware, and the privilege escalation tool.
Specifically, Chinese actors are looking into unique malware triggers. Many seem to think the underlying vulnerability exploited by these tools has not been fully patched. Whats more, Chinese APT groups have shown they can quickly weaponize zero-day vulnerabilities -- another sign that threat actors from the country may reuse the Shadow Brokers malware.
This is really a feeding frenzy for the criminal community, Gundert says of the Shadow Brokers leak. Its like Christmas has come early for them.
He anticipates well see an increase in chatter throughout these communities, and growth of exploitation and monetization as cybercriminals pursue opportunities to improve their hacking techniques based on higher-level toolsets. Its clear they come from an advanced group.
These are very sophisticated tools and techniques, generally above the reach of the criminal underground community, he explains.
For businesses trying to protect themselves, Gundert recommends understanding what these exploits are, and ensuring there is a vulnerability management program in place.

Last News

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Chinese, Russian Cyber Groups Research Shadow Brokers Malware