Stolen NSA hacking tools were used in the wild 14 months before Shadow Brokers leak

Enlarge / The National Security Agency headquarters in Fort Meade, Maryland. (credit: National Security Agency)
One of the most significant events in computer security happened in April 2017, when a still-unidentified group calling itself the Shadow Brokers published a trove of the National Security Agency’s most coveted hacking tools. The leak and the subsequent repurposing of the exploits in the WannaCry and NotPetya worms that shut down computers worldwide made the theft arguably one of the NSA’s biggest operational mistakes ever.
On Monday, security firm Symantec reported that two of those advanced hacking tools were used against a host of targets starting in March 2016, fourteen months prior to the Shadow Brokers leak. An advanced persistent threat hacking group that Symantec has been tracking since 2010 somehow got access to a variant of the NSA-developed 'DoublePulsar' backdoor and one of the Windows exploits the NSA used to remotely install it on targeted computers.
Killing NOBUS
The revelation that the powerful NSA tools were being repurposed much earlier than previously thought is sure to touch off a new round of criticism about the agency’s inability to secure its arsenal.
Read 13 remaining paragraphs | Comments