Hacker Successfully Runs Equation Group Exploit on Cisco Firewall

Spread the love

A Twitter user by the name of “XORcat” successfully executed an exploit from the Equation Group’s leaked files on a Cisco ASA firewall. The files were published over the weekend by a group calling itself the Shadowbrokers.

In a blog post, XORcat writes that after publishing the leaked files, it decided to try one of the exploits. His choice fell on the ExtraBacon exploit, which was written for a Cisco ASA. The hacker says he has experience with these types of firewalls. To apply the exploit, the attacker must have read access with snmp, in addition to access with telnet or ssh.

Also, the firewall software must not exceed version 8.4(4). Ultimately, XORcat successfully executes the exploit in a test environment, allowing it to gain access without providing credentials. At the end of his post, he writes, “There you go, the NSA has written easy-to-use exploits.” It’s unclear who XORcat is, because his Twitteraccount was created very recently. On Reddit, a user of the same name says he recently started writing blog posts.

Following the message, it seems that at least some of the leaked files contain working exploits. Edward Snowden has also commented on the case on Twitter in a series of tweets. He stilt adding that the data likely came from an NSA staging server and that someone didn’t remove the tools after an operation. It would also not be the first time that an NSA server has been hacked, but its publication would be a first.

Snowden suspects that there are diplomatic reasons for publishing the leaked files and that it is likely that Russia is responsible for the publication. In addition, it would be an important signal, because it could possibly be proven that American attacks were carried out from the hacked server. He sums up his posts by saying that the leak gives the impression that “someone wants to send a message that an escalation in assigning the hack to the DNC could quickly turn out badly.”

The leaked files in question appeared on the internet over the weekend and an unknown group called “Shadowbrokers” claimed responsibility for a hack on an Equation Group server. It is suspected that this group is associated with the NSA. The Shadowbrokers have published some of the captured files, including the ExtraBacon exploit. They want to auction another part. There is no time limit to the auction, although the group claims to stop it once 1 million bitcoin has been transferred.

You might also like
Exit mobile version