The NSA told Microsoft about EternalBlue hack used in WannaCry
- Author: Joe Gonzales May 20, 2017,
May 20, 2017, 0:46
Interestingly enough, the NSA exploits the Shadow Brokers have may have come from a former NSA contractor who is said to have absconded with 50 terabytes of classified data and upwards of 75% of the hacking tools used and developed by the NSA's Tailored Access Operations unit. Is being like wine of month club.
Those patches included MS17-010, which contains a fix for the SMB exploit the Shadow Brokers leaked in April and now used by the WannaCry ransomware. According to them, the list includes "web browser, router, handset exploits and tools, exploits for Windows 10, compromised network data from more SWIFT providers and Central banks".
Stolen network information from Russian, Chinese, Iranian, and North Korean nuclear missile programs.
While the motives of the Shadow Brokers remains unknown, it claimed that it wasn't interested in the bug bounties paid by software firms for vulnerabilities found in their code or selling to "cyber thugs".
The exploit, codenamed EternalBlue, was first discovered by the NSA, but leaked to the world after the Shadow Brokers stole the agency's hacking arsenal.
Using trademark garbled English, the Shadow Brokers group said in an online statement that, from June, it will begin releasing software to anyone willing to pay for access to some of the tech world's biggest commercial secrets.
The group had also previously put exploits up for sale on ZeroNet for up to 250 bitcoins a piece ($454,815 today) in January, Motherboard reported.
The group also promised to include compromised financial data from the SWIFT worldwide payment order system, used by banks to transfer trillions of dollars each day, as well as confidential data from several central banks.
Based on previous announcements, there is no reason to doubt the group's claims, as they have always released the files they teased.
The NSA has not commented on Shadow Brokers since the group emerged a year ago, or the contents of past leaks.
Hacking tools believed to belong to the NSA that were leaked online last month were built into WannaCry ransomware - also known as WannaCrypt - that swept the globe on Friday. The US government has not commented directly on the matter.
The shadowy hacking group claimed that Microsoft released its vulnerability patch in March while also alleging that the Equation Group was paying U.S. tech companies not to patch vulnerabilities. Spokesperson from Microsoft has already said that they will be preparing a response for this claim from the hacking group.