Russian computer security company Kaspersky has announced that it has unmasked a group of APT-type hackers.
The hacker group is believed to have been implicated in a data leak involving Shadow Brokers, which took place in 2017. It turns out that this is a group of hackers that had been observed for a very long time by the American aerospace agency the NSA.
This article will also interest you: A flaw in Kaspersky software that allows websites to collect personal data about users
The facts are happening exactly in 2017. A group of specialized hackers named Shadow Brokersen is the main actor. The group had published secret information from the National Security Agency (NSA) on the Internet, allowing a large number of people to access it. This information, which was published, consisted of a set of exploits and several tools used for computer hacking, including one of the most famous known as "EternalBlue. ", malicious code that had been used in the design of the WannaCry ransom program and two other infamous malware NotPetya and Bad Rabbit in 2017.
Also among the published data, there is not particularly a file that has attracted attention. It is called "sigs.py," which presents itself as a goldmine for information and information on transmissions. It's a program that has a feature that resembles that of a malware scanner. it is known that the U.S. intelligence agency used it for the purpose of analyzing the terminals infected with themselves, to see if these machines were already affected by programs produced by groups of hackers such as the APT "Advanced Persistent Threats".
The script sigs.py was built on the inclusion of certain signatures, which were completely unknown to the world of computer security until 2017, which clearly demonstrated that the U.S. agency was ahead of the curve in protecting computer security systems on private cybersecurity companies. which is shocking when you consider that the NSA could for a very long time detect and even observe the operations carried out by different groups of hackers, especially those with hostile interests.
However, in a report published last month, the elite unit, dedicated to the hunt for hackers, of the Private Security Agency Kaspersky, GReAT, had announced that it was in the footsteps of the mysterious pirate group, that is, the group of hackers who was being hunted by the NSA script. For researchers Kaspersky, script number 27 has identified files that make part of an organization called the "DarkUniverse" which consist of malware framework and also names that identify the group of pirates and their activities.
Note that this group of pirates was active in the vicinity of 2009 until 2017, and we always knew how to keep a low profile to avoid drawing the maximum attention to them, especially after the data leak "Shadowbrokers: "The suspension of its operations could be related to the publication of the leak "Lost in Translation ", or the attackers might simply have decided to move to more modern approaches and start using tools more widely available for their operations," the GReAT team said in an article detailing the darkUniverse malware framework.
Now access an unlimited number of passwords: