Cyber spies conducting an international hacking campaign have leveraged several leaked tools likely created by the U.S. government, a security firm warned Thursday.
Symantec reported that Waterbug, an espionage group previously linked to Russia, was recently caught deploying specialized software created by combining four previously leaked exploits allegedly stolen from the U.S. National Security Agency.
Symantec said the group, which is also known by the name Turla, had developed a “custom hacking tool that combines four leaked Equation Group tools (EternalBlue, EternalRomance, DoublePulsar, SMBTouch) into a single executable.”
Equation Group is the name used by cybersecurity companies to refer to a different espionage group widely suspected of being a division of the NSA. Each of the four tools was leaked online in 2017 by The Shadow Brokers, a mysterious entity that claimed to have hacked Equation Group and stolen several of its “cyber weapons.”
Waterbug recently used the custom hacking tool during the course of a campaign that has targeted 13 organizations across 10 different countries over the last 18 months, Symantec reported.
More than two years after The Shadow Brokers first surfaced, the Waterbug campaign is hardly the only example of the group's leaks being leveraged by suspected state-sponsored hackers. EternalBlue and DoublePulsar were combined within weeks of being leaked online and used to wage the unprecedented WannaCry ransomware attack that infected computers across 150 countries in May 2017. The U.S. has since attributed that attack to the North Korean government.
The NSA did not immediately return a request for comment.
• Andrew Blake can be reached at ablake@washingtontimes.com.