A new release from the malicious leaker or leakers known as The ShadowBrokers contains evidence the National Security Agency hacked a banking network used to transfer money between financial institutions.
"This is by far, the most interesting release from Shadow Brokers as it does not only contain tools," researcher Matt Suiche, founder of UAE-based cyber security firm Comae and the Dubai cybersecurity conference OPCDE, wrote in a Medium post.
The ShadowBrokers first appeared last summer, trying to auction stolen hacking tools from the Equation Group, who were long believed to be affiliated with the NSA.
The first dumps by the Brokers were source code the group hoped would prove they had the wares they claimed to be selling. The code appears to be authentic. The Intercept identified a secret, unique tracking code mentioned in one hacking tool released by the Brokers that matched a code in an unreleased file from the Edward Snowden archives.
The new archive of files contains a trove of documents on the SWIFT financial transactions network showing the NSA may have breached EastNets and BCG, SWIFT service bureaus in the Middle East and South America — including login credentials and internal network architecture.
SWIFT is used internationally to request transfers of funds between financial institutions. Accessing the service bureau would give insight into transactions going to and from the bank.
“It contains the evidence of the largest infection of a SWIFT Service Bureau to date,” Suiche later added.
A separate, recent criminal breach into the SWIFT network facilitated a string of digital bank robberies totaling in the hundreds of millions of dollars. Those robberies are believed to be the work of the North Korean hacking group known as Lazarus.
The Shadow Brokers also released a large cache of files that appear to contain usable hacking techniques to target Windows computers. It is unclear how many of the security flaws used in these techniques were repaired between the files’ creation and the Brokers’ release. Files released by the group have been of varying ages; the last release from the Shadow Brokers contained vulnerabilities in operating systems that were borderline archaic.
The first dump of files from the Brokers contained previously unknown security vulnerabilities in security hardware from manufacturers like Cisco and Juniper Networks. Despite manufacturers racing to mend their products, hackers have been found trying to take advantage of the hacking techniques from that first release of source code.
The Shadow Brokers were never able to sell their archives at a price they deemed worthy and eventually claimed to be giving up on the sale.
The group had been largely quiet since January until this weekend, when the Brokers released a new set of files in purported protest of President Trump not staying true to his populist principles. Though the Shadow Brokers’ messages have always been written in broken English, the group claims to have voted for Trump.
The new leaks renew the group's call for monetary compensation.