Another Shadow Brokers Leak Lists NSA Victims

Last updated: July 5, 2023

The Shadow Brokers group has leaked more files, including a list of servers allegedly used by the Equation Group, one of the contractors of the NSA, in its attacks.

In mid-August, Shadow Brokers emerged with proof of their hack when they leaked roughly 300 MB of firewall exploits and tools taken from Equation Group servers. Although the sample exploits were old, they helped firewall vendors discover unknown vulnerabilities in their products. Some of the popular firewall vendors affected include Cisco, Juniper, Fortigate, Watchguard, and TopSec.

The group initially put the rest of the files it had up for auction, but when that plan failed, it announced that it would make them publicly available once it raised 10,000 bitcoins through crowdfunding. With 2 bitcoins raised so far, this plan is unlikely to work.

However, the Shadow Brokers group released a new batch of files on Monday. They explained that the domains and IPs mentioned in the archives correspond to servers used by the Equation Group to breach networks.

Since the archives were released, various security researchers have analyzed the leak. One of them, Mustafa Al-Bassam, said that the files contain a list of compromised servers used as staging points in the Equation Group attacks. The researchers confirmed that the archives are old, dating from between 2000 and 2010, and that the affected servers have most likely been cleaned up or replaced.