A year ago, a well known hacking group called “Shadow Brokers” Leaked tons of NSA hacking Dump that contains a Zero-day exploit to install the malware on the target machine and compromise it.
Many of the studies and experts have concluded it with Zero day exploits and other most potent tools.
But recent research revealed that leaked documents contain a collection of scripts and scanning tools that the National Security Agency.
Collection of newly discovered tools are used to detect other nation-state hackers on the machines it infects.
In this case, NSA Used those tools to tracking at least 45 different nation-state operations using the Advanced persistent threats.
A Hungarians security researchers studied the tools and scripts that was leaked by shadow brokers known as Territorial Dispute, or TeDi.
During this operation, NSA wants to know if foreign spies are in the same machines Because When the NSA hacks machines in Iran, Russia, China, and elsewhere, other hackers can steal NSA tools or spy on NSA activity in the machines.
Also NSA very concern about another hacker that they can also cause the NSA’s own operations to get exposed.
If NSA finds someone in the same machine, they decide to withdraw or proceed with extra caution.
“According to the intelligence source that said to theintercept, “They started to become concerned about sitting on a box with our tools and there being other actors there that could steal or figure out what we were doing”. It was to avoid being detected.
In this case, None of the advanced threat groups are identified in the NSA scripts by names commonly used for them by the research community — instead, the NSA calls them Sig1, Sig2, etc.
but Hungarian researchers spent a lot more time going through the scripts to try to match them to known malware samples and advanced threat groups.
In at least one case, involving a sophisticated hacking group known as Dark Hotel, believed to be from South Korea and targeting entities in Asia, it appears the NSA may have been tracking some of the group’s tools in 2011, about three years before the broader security community discovered them.theintercept said.
Source : GBHackers