The ShadowBrokers didn’t break into the United States National Security Agency after all. The latest research into the group of cybercriminals selling alleged NSA spy tools reinforced the idea that they’d received the classified materials from an insider within the intelligence agency, security company Flashpoint said.
Analysis of the latest ShadowBrokers dump, which was announced earlier in the month on the blogging platform Medium by “Boceffus Cleetus,” suggests the spy tools were initially taken directly from an NSA code repository by a rogue insider, Flashpoint said. The company’s researchers analyzed the sample file containing implants and exploits and various screenshots provided in the post and have “medium confidence” that an NSA employee or contractor initially leaked the tools, said Ronnie Tokazowski, senior malware analyst with Flashpoint. However, they were still “uncertain of how these documents were exfiltrated,” he said.