Older Windows Systems Targeted by Newly Released Hack Tools

Microsoft is investigating reports about leaked hacking tools that target older Windows systems.

The tools were announced on Friday by a group calling itself "The Shadow Brokers." A Microsoft spokesperson provided a statement via e-mail, stating that "we are reviewing the report and will take the necessary actions to protect our customers."

The Shadow Brokers has been posting hacking tools to the GitHub repository in an online auction over the last year, according to Wikipedia's account. The tools are alleged to have come from the U.S. National Security Agency.

The tools date from 2013, so they're thought to affect Windows systems older than Windows 10, according to a Motherboard story posted today. One hacking tool, called "FuzzBunch," appears to affect Windows 8, Windows 7 and Windows Vista, as well as Windows Server 2000 through Windows Server 2012, according to the story.

The GitHub post of the tools by The Shadow Brokers contains three folders, marked "oddjob," "swift" and "windows," which can be unlocked by a password that was released by the group. The swift folder contains PowerPoint slides suggesting that the Middle East network used by the Society for Worldwide Interbank Financial Telecommunication (SWIFT) for financial transactions was targeted by the NSA, according to a blog post by Microsoft Most Valuable Professional Matt Suiche. Regarding the released materials, he indicated that banks in Bangladesh and Ramallah, Palestine were targeted.

The Windows hacking tools that were released are used for remote exploits. They have names such as "EternalRomance," "EternalChampion" and "EternalBlue." Some of the targeted Windows versions, such as Windows Vista and Windows 2008, have fallen out of support. Consequently, their flaws won't get patched, Suiche noted.

The oddjob folder contains various log files and Excel documents, plus PowerPoint files marked "Top Secret," according to Suiche.

The release of the tools comes after WikiLeaks today published documents about purported CIA backend malware with a "public-facing HTTPS interface." WikiLeaks also released more so-called CIA "Vault 7" attack tools earlier this month that are designed to target Windows systems.

This week, CIA Director Mike Pompeo called WikiLeaks a "hostile intelligence service," according to a New York Times article. WikiLeaks, which provides leaked materials to journalists, is perhaps best known for its release of a video showing a U.S. military helicopter gunning down civilians in Iraq.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.

