Black Listed News

Shadow Brokers leaks show U.S. spies successfully hacked Russian, Iranian targets

Published: April 19, 2017


Source: Cyber Scoop

The leaked NSA documents and tools published in recent months by the mysterious Shadow Brokers group have provided rare insight into the clandestine digital espionage operations pursued by the spy agency over the past few years, including information on operations aimed at Iran and Russia.

Last Friday the rogue group released a new package of NSA files, this time detailing numerous tools designed to break into older versions of Microsoft Windows and a campaign to compromise banking networks in the Middle East. Additional targets were also mentioned one week prior in a separate archive that was largely ignored by most media outlets.

Yet the document cache published April 8 provides evidence that the NSA had once launched a series of successful computer-based intrusions against multiple high-profile foreign targets, including the Office of the President of Iran and the Russian Federal Nuclear Center, said two former intelligence officials who spoke to CyberScoop on the condition of anonymity due to their knowledge of internal operations. That release contained files with earmarked organizations and other evidence that explains how certain cyberattacks were engineered.

“The fact that this is in there the way it is means these targets were definitely owned,” one former intelligence official said. “It means it was a successful op, plain and simple.”

Another former intelligence official who worked at the NSA and also spoke on condition of anonymity said the April 8 document dump offered authentic internal information regarding past agency operations.

While the Shadow Brokers published a list of 300 IP addresses last October that were supposedly once compromised by the spy agency, it was not until recently that researchers were provided with more comprehensive targeting data.

An analysis of one archive presented by the Shadow Brokers reveals a collage of web domains and hardware systems that were at one point targeted by the NSA and attacked with a suite of hacking tools. These domains include:

  • dolat.ir: Islamic Republic of Iran Presidential Office website
  • vniitf.ru: Russian Federal Nuclear Center website
  • mail.prf.gov.ru: a mail server for the Presidential Administration of Russia (aprf.gov.ru is no longer online)
  • vega-int.ru: a website for Russian internet service provider, Vega-Internet
  • snz.ru: a website for the office providing telecommunications and other internet support for Vniitf.ru
  • minatom.ru: a website of the Ministry for Atomic Energy of the Russian Federation
  • udprf.ru: the Office of the President of the Russian Federation website
  • rowdaco.com: a defunct website once apparently used by a Somalia-based electronics store, Rowda Electronics Company
  • ikoula.com: a website for a French data storage and server rental company

A closer look at the full filenames in the archive provides additional insight. The websites themselves represent targeted host machines, or boxes, each of which is paired with two different codenames: one for the hacking tool used and another for the associated operation.
