惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
Cisco Blogs
Simon Willison's Weblog
Simon Willison's Weblog
Latest news
Latest news
P
Palo Alto Networks Blog
T
The Exploit Database - CXSecurity.com
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
AI
AI
阮一峰的网络日志
阮一峰的网络日志
量子位
Project Zero
Project Zero
Know Your Adversary
Know Your Adversary
Google Online Security Blog
Google Online Security Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
S
Schneier on Security
大猫的无限游戏
大猫的无限游戏
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
K
Kaspersky official blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V
Visual Studio Blog
Spread Privacy
Spread Privacy
C
CERT Recently Published Vulnerability Notes
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
S
SegmentFault 最新的问题
Hugging Face - Blog
Hugging Face - Blog
W
WeLiveSecurity
博客园 - Franky
Last Week in AI
Last Week in AI
博客园 - 聂微东
博客园 - 三生石上(FineUI控件)
小众软件
小众软件
IT之家
IT之家
I
Intezer
The Cloudflare Blog
月光博客
月光博客
N
News | PayPal Newsroom
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
V2EX
博客园_首页
罗磊的独立博客
NISL@THU
NISL@THU
爱范儿
爱范儿
Jina AI
Jina AI
有赞技术团队
有赞技术团队
The Hacker News
The Hacker News
A
Arctic Wolf
Scott Helme
Scott Helme
Engineering at Meta
Engineering at Meta
P
Proofpoint News Feed

stuxnet Archives - Security Affairs

Fast16: Pre-Stuxnet malware that targeted precision engineering software The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran Iran hit by a more aggressive and sophisticated Stuxnet version Dragonfly 2.0: the sophisticated attack group is back with destructive purposes Microsoft Attempts To Fix Stuxnet For The Third Time The Stuxnet vulnerability is still one of the most exploited flaws in the wild by hackers Malware posing as Siemens PLC application is targeting ICS worldwide SCADA Sssh! Don’t Talk, Filter it Shocking, a German nuclear plant suffered a disruptive cyber attack A malware was found in Iran petrochemical complexes, but it’s not linked to recent incidents
The alleged link between the Shadow Brokers data leak and the Stuxnet cyber weapon
Pierluigi Paganini · 2017-04-18 · via stuxnet Archives - Security Affairs

Security researchers who analyzed the documents and hacking tools included in the last Shadow Brokers dump found a link to the Stuxnet virus.

On Friday, the Shadow Brokers leaked a new bunch of files belonging to the alleged NSA arsenal.

Security researchers who analyzed the documents and hacking tools included in the last dump have discovered many exploits specifically designed to compromise Windows systems.

Digging the archive, experts spotted a surprising exploit that was used in the Stuxnet cyber weapon, the malware used to destroy the Iranian nuclear programme in the Natanz plant.

According to Symantec researcher Liam O’Murchu, the exploit was developed for Windows’ MOF files and it is “almost the exact same script” used in Stuxnet.

“There is a strong connection between Stuxnet and the Shadow Brokers dump,” O’Murchu told Motherboard in an email. “But not enough to definitively prove a connection.”

Let’s see the similarities between the Stuxnet code and the exploit code in the last dump leaked by Shadow Brokers.

Below a portion of the script from Stuxnet.

Stuxnet code vs Shadow Brokers exploit

and this is a portion of the script dumped by The Shadow Brokers.

Of course, who has developed the tool included in the Shadow Brokers dump may have borrowed the script from the public knowledge of Stuxnet. The same code, for example, was included in the Metasploit framework allowing anyone to create a MOF file like the one exploited in Stuxnet attack.

O’Murchu highlighted that the MOF file creation tool in the Shadow Brokers dump presented a last compiled date set on September 9, 2010, a few months Stuxnet discovery, but “shortly before the code was added to Metasploit.”

The researcher Kevin Beaumont believe that there is link between Stuxnet and the exploit shared by Shadow Brokers.

https://twitter.com/GossiTheDog/status/852866191920173057

Lorenzo Franceschi-Bicchierai from Motherboard also reported that the Avast Antivirus detects some exploits in the Shadow Brokers dump as Stuxnet.

It is very curious, even in the case of false positive that the signatures of the exploits match the Stuxnet’s one.

Are we facing with the evidence that the NSA-linked Equation Group was involved in the Stuxnet attack, or is this a well organized false-flag operation?

“Therefore, the Stuxnet MOF file creation tool that the Shadow Brokers dropped on Friday is possibly the earliest technical evidence that NSA hackers and developers coded Stuxnet, as many suspect.” added Bicchierai.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – NSA, Shadow Brokers)