We recently came across evidence of a large-scale cybercrime activity that appears to combine targeted attack tools and regular cybercrime: The attackers distribute typical malware such as cryptocurrency miners and ransomware by making use of sophisticated tools that were previously mostly seen in targeted attacks.Read More
On April 14, 2017, The Shadow Brokers (TSB) leaked a bevy of hacking tools named “Lost in Translation.” This leak is notorious for having multiple zero-day remote code execution (RCE) vulnerabilities targeting critical protocols such as Server Message Block (SMB) and Remote Desktop Protocol (RDP) and applications like collaboration and web server-based software. The exploit toolkit includes EternalBlue, EternalChampion, EternalSynergy, EsteemAudit, EchoWrecker, ExplodingCan, EpicHero, and EWorkFrenzy, among others.
The leak also contains multiple post-exploitation implants and utilities, used for maintaining persistence on the infected system, bypassing authentication, performing various malicious activities, and establishing command-and-control (C&C) channels with a remote server, among others. Five of the most notable implants include DoublePulsar, PeddleCheap, ExpandingPulley, KillSuit (KiSu), and DanderSpritz, which all have different capabilities, features, and usage.Read More