https://securelist.com/darkpulsar/88199/
In March 2017, the ShadowBrokers published a chunk of stolen data that included two frameworks: DanderSpritz and FuzzBunch.
DanderSpritz consists entirely of plugins to gather intelligence, use exploits and examine already controlled machines. It is written in Java and provides a graphical Windows interface similar to botnet administrative panels, as well as a Metasploit-like console interface. It also includes its own backdoors and plugins for victims not controlled by FuzzBunch.
One of the most interesting FuzzBunch categories is called ImplantConfig and includes plugins designed to control infected machines via an implant at the post-exploitation stage. DarkPulsar, which belongs to this category, is an administrative module for controlling a passive backdoor named ‘sipauth32.tsp’ that provides remote control.
We found around 50 victims located in Russia, Iran and Egypt; the infected machines typically ran Windows 2003/2008 Server. Targets were related to nuclear energy, telecommunications, IT, aerospace and R&D.
The FuzzBunch and DanderSpritz frameworks are designed to be flexible and to extend functionality and compatibility with other tools. Each of them consists of a set of plugins designed for different tasks: while FuzzBunch plugins are responsible for reconnaissance and attacking a victim, plugins in the DanderSpritz framework are developed for managing already infected victims.
The discovery of the DarkPulsar backdoor helped in understanding its role as a bridge between the two leaked frameworks, and showed how they are part of the same attacking platform designed for long-term compromise, given DarkPulsar’s advanced abilities for persistence and stealthiness. The implementation of these capabilities, such as encapsulating its traffic in legitimate protocols and bypassing credential entry to pass authentication, is highly professional.
Lots of technical details in the article, but it's a great read if you're into nation-state hacking tools.
Title made me think that it was some body implant or something, didn't know we went full Deus Ex.
I thought about secretly added hardware in victim computers.
On that topic, Bloomberg hasn't provided any proof and Amazon, Apple, and pretty much all the other major affected parties are denying everything. Even a major guy at the NSA was like "if anyone's got any evidence of this happening we'd like to talk to them" which is not something you expect out of an intelligence agency if they already know everything about the alleged exploit. Also, considering the massive range of the exploit, Bloomberg only had eleven sources; eleven would ordinarily be a good number but this alleged conspiracy would touch tens of thousands of people from the Chinese military through the entire computer component supply chain and into the server rooms of some of the largest computational-focused entities in the US.
But we've known since Stuxnet was revealed, if not even earlier, that the new international war theatre is cyberwarfare and implanting malware to perform remote sabotage and espionage. This is just another episode of peeling back the curtain on secret weapons of (digital) war.
Can we just appreciate that there is an actual hacker/leak group known as The ShadowBrokers in real life? If this were actual Deus Ex surveillance implants into people's bodies I wouldn't have even been surprised tbh.
It's crazy shit, the Shadow Brokers are the arch-enemies of another hacking outfit known as the Equation Group. In reality, the Shadow Brokers are believed to be a front for Russian intelligence and the Equation Group is almost confirmed at this point to be a unit of the NSA.
So did they get their name before or after Mass Effect?