Kaspersky Says that Shadow Brokers Leaked Malware is Genuine

They say that devil is in details. Particularly in this case, GReAT (Global Research & Analysis Team) of Kaspersky Lab says that presence of the RC5 as well as RC6 encryption algorithms within the malware that was dumped by The Shadow Brokers was the prime factor leading them to arrive to the conclusion.

Today, security firm said that its analysis revealed "several hundred tools" from this leak was having "strong connection" with Kaspersky's previous findings about Equation Group. The Equation Group was first linked with National Security Agency by Kaspersky in February 2015. During that time, the group has been labeled by Kaspersky as the most advanced hacking collective that it had encountered.

During their preliminary analysis of Equation Group malware, Kaspersky said that it had found samples of 20 different malwares where crooks had used the RC5 as well as RC6 code. They found samples of 347 different malware in the data dumped by The Shadow Brokers.

Kaspersky said today that the Shadow Brokers published data contains an implementation of RC5 as well as RC6 encryption algorithms, which is similar to Equation Group malware's RC5 as well as RC6 code. It said that this particular implementation has just been seen earlier with malware of the Equation Group.

Moreover, the team of security vendor's also found patterns of coding in the dumped malware unique to the way the Equation Group wrote its hacking tools, and unique to it alone. Hackers known as "Shadow Brokers" claimed yesterday that they have stolen the tools from the Equation Group.

Itnews.com posted on August 17th, 2016, as written by researchers of Kaspersky that "comparing the older, known Equation RC6 code and the code used in most of the binaries from the new leak we observe that they are functionally identical and share rare specific traits in their implementation".

Shadow Brokers are presently running an open auction for remaining Equation Group malware. Till now, the group just made 1.629 Bitcoin or A$1231 which is a lot more modest, in spite of asking 1 million Bitcoin for releasing remainder of files.

» SPAMfighter News - 8/22/2016