New NSA Windows Hacking Tool Leaks

/ 3 years ago

New NSA Windows Hacking Tool Leaks

Back in May, the WannaCry ransomware decimated millions of Windows PC around the world. Later, a similar worm – dubbed EternalRocks – compromised a load more Windows machines. Hacker group ShadowBrokers released WannaCry and EternalRocks – both stolen NSA hacking tools – promising more to come. Now, it seems ShadowBrokers are true to their word. The group unveiled a fresh NSA hacking tool: a Trojan known as UNITEDRAKE. UNITEDRAKE is able to compromise Windows systems from XP to Windows Server 2012, and pretty much every version in-between.


Edward Snowden first revealed the existence of UNITEDRAKE, thanks to the NSA documents he leaked in 2013. The Trojan is able to remotely target a wide array of Windows machines. Specifically, vulnerable Windows versions include XP, Server 2003, Server 2008, Vista, 7 SP1, 8, and Server 2012. The malware can spy on communications, including microphone and webcam usage, plus record keystrokes. Afterwards, UNITEDRAKE self-destructs upon completion of its tasks.

unitedrake e1505225333792

ShadowBrokers released the UNITEDRAKE manual [PDF] over the last few days. ShadowBrokers describes UNITEDRAKE thusly (via Schneier on Security):

“Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information.

UNITEDRAKE, described as a “fully extensible remote collection system designed for Windows targets,” also gives operators the opportunity to take complete control of a device.

The malware’s modules — including FOGGYBOTTOM and GROK — can perform tasks including listening in and monitoring communication, capturing keystrokes and both webcam and microphone usage, the impersonation users, stealing diagnostics information and self-destructing once tasks are completed.”

In The Wild?

Kaspersky Labs found evidence of UNITEDRAKE in the wild two years ago, presumably being used by its creator, the NSA. In fact, Kaspersky mentions the Equation Group, an entity assumed to be an NSA operator:

“The capabilities of several tools in the catalog identified by the codenames UNITEDRAKE, STRAITBAZZARE, VALIDATOR and SLICKERVICAR appear to match the tools Kaspersky found. These codenames don’t appear in the components from the Equation Group, but Kaspersky did find “UR” in EquationDrug, suggesting a possible connection to UNITEDRAKE (United Rake). Kaspersky also found other codenames in the components that aren’t in the NSA catalog but share the same naming conventions­they include SKYHOOKCHOW, STEALTHFIGHTER, DRINKPARSLEY, STRAITACID, LUTEUSOBSTOS, STRAITSHOOTER, and DESERTWINTER.”

However, ShadowBrokers only released the UNITEDRAKE manual thus far, not the Trojan itself. The manual, though, serves as a brochure for potential buyers. Should a malicious party purchase UNITEDRAKE, the malware will surely wreak havoc.

Topics: ,


By supporting eTeknix, you help us grow and continue to bring you the latest newsreviews, and competitions. Follow us on FacebookTwitter and Instagram to keep up with the latest technology news, reviews and more. Share your favourite articles, chat with the team and more. Also check out eTeknix YouTube, where you'll find our latest video reviews, event coverage and features in 4K!

Looking for more exciting features on the latest technology? Check out our What We Know So Far section or our Fun Reads for some interesting original features.

eTeknix Facebook eTeknix Twitter eTeknix Instagram eTeknix Instagram

Check out our Latest Video

Send this to a friend