Older Windows Systems Targeted by Newly Released Hack Tools -- Redmondmag.com

Older Windows Systems Targeted by Newly Released Hack Tools

By Kurt Mackie
04/14/2017

Microsoft is investigating reports about leaked hacking tools that target older Windows systems.

The tools were announced on Friday by a group calling itself "The Shadow Brokers." A Microsoft spokesperson provided a statement via e-mail, stating that "we are reviewing the report and will take the necessary actions to protect our customers."

The Shadow Brokers has been posting hacking tools to the GitHub repository in an online auction over the last year, according to Wikipedia's account. The tools are alleged to have come from the U.S. National Security Agency.

The tools date from 2013, so they're thought to affect Windows systems older than Windows 10, according to a Motherboard story posted today. One hacking tool, called "FuzzBunch," appears to affect Windows 8, Windows 7 and Windows Vista, as well as Windows Server 2000 though Windows Server 2012, according to the story.

The GitHub post of the tools by The Shadow Brokers contains three folders, marked "oddjob," "swift" and "windows," which can be unlocked by a password that was released by the group. The swift folder contains PowerPoint slides suggesting that the Middle East network used by the Society for Worldwide Interbank Financial Telecommunication (SWIFT) for financial transactions was targeted by the NSA, according to a blog post by Microsoft Most Valuable Professional Matt Suiche. Banks in Bangladesh and Ramallah, Palestine were targeted, he indicated, regarding the released materials.

The Windows hacking tools that were released are used for remote exploits. They have names such as "EternalRomance," "EnternalChampion" and "ExternalBlue." Some of the targeted Windows versions, such as Windows Vista and Windows 2008, have fallen out of support. Consequently, their flaws won't get patched, Suiche noted.

The oddjob folder contains various log files and Excel documents, plus PowerPoint files marked "Top Secret," according to Suiche.

The release of the tools comes after WikiLeaks today published documents about purported CIA backend malware with a "public-facing HTTPS interface." WikiLeaks also released more so-called CIA "Vault 7" attack tools earlier this month that are designed to target Windows systems.

This week, CIA Director Mike Pompeo called WikiLeaks a "hostile intelligence service," according to a New York Times article. WikiLeaks, which provides leaked materials to journalists, is perhaps best known for its release of a video showing a U.S. military helicopter gunning down civilians in Iraq.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Multi-Tenant Organization Hooks Released for Microsoft 365

Microsoft Entra ID's new multi-tenant organization capabilities have reached general availability (GA).
Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.