Categories: News

New NSA Windows Hacking Tool Leaks

Back in May, the WannaCry ransomware decimated millions of Windows PC around the world. Later, a similar worm – dubbed EternalRocks – compromised a load more Windows machines. Hacker group ShadowBrokers released WannaCry and EternalRocks – both stolen NSA hacking tools – promising more to come. Now, it seems ShadowBrokers are true to their word. The group unveiled a fresh NSA hacking tool: a Trojan known as UNITEDRAKE. UNITEDRAKE is able to compromise Windows systems from XP to Windows Server 2012, and pretty much every version in-between.


Edward Snowden first revealed the existence of UNITEDRAKE, thanks to the NSA documents he leaked in 2013. The Trojan is able to remotely target a wide array of Windows machines. Specifically, vulnerable Windows versions include XP, Server 2003, Server 2008, Vista, 7 SP1, 8, and Server 2012. The malware can spy on communications, including microphone and webcam usage, plus record keystrokes. Afterwards, UNITEDRAKE self-destructs upon completion of its tasks.

ShadowBrokers released the UNITEDRAKE manual [PDF] over the last few days. ShadowBrokers describes UNITEDRAKE thusly (via Schneier on Security):

“Able to compromise Windows PCs running on XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, as well as Windows 8 and Windows Server 2012, the attack tool acts as a service to capture information.

UNITEDRAKE, described as a “fully extensible remote collection system designed for Windows targets,” also gives operators the opportunity to take complete control of a device.

The malware’s modules — including FOGGYBOTTOM and GROK — can perform tasks including listening in and monitoring communication, capturing keystrokes and both webcam and microphone usage, the impersonation users, stealing diagnostics information and self-destructing once tasks are completed.”

In The Wild?

Kaspersky Labs found evidence of UNITEDRAKE in the wild two years ago, presumably being used by its creator, the NSA. In fact, Kaspersky mentions the Equation Group, an entity assumed to be an NSA operator:

“The capabilities of several tools in the catalog identified by the codenames UNITEDRAKE, STRAITBAZZARE, VALIDATOR and SLICKERVICAR appear to match the tools Kaspersky found. These codenames don’t appear in the components from the Equation Group, but Kaspersky did find “UR” in EquationDrug, suggesting a possible connection to UNITEDRAKE (United Rake). Kaspersky also found other codenames in the components that aren’t in the NSA catalog but share the same naming conventions­they include SKYHOOKCHOW, STEALTHFIGHTER, DRINKPARSLEY, STRAITACID, LUTEUSOBSTOS, STRAITSHOOTER, and DESERTWINTER.”

However, ShadowBrokers only released the UNITEDRAKE manual thus far, not the Trojan itself. The manual, though, serves as a brochure for potential buyers. Should a malicious party purchase UNITEDRAKE, the malware will surely wreak havoc.

Ashley Allen

Disqus Comments Loading...

Recent Posts

Corsair HS80 RGB USB Wired Gaming Headset Review

Corsair continues to dominate the PC market with stunning peripherals, class-leading quality and award-winning performance.…

2 hours ago

Latest GeIL DDR5 Memory Features Dual RGB Fans

GeIL has just revealed their latest memory kit, the EVO V DDR5 RGB Hardcore Gaming…

1 day ago

NVIDIA GTX 1630 Coming This Month!

It looks like Nvidia has given us almost everything we need to know about their…

1 day ago

RTX 4090 Ti Heatsink is Hilariously Massive

A series of photos have surfaced on the Chiphell forums showing the true horror of the…

2 days ago

Need for Speed 3 in UE5 is Awesome!

I'm a big fan of the old Need for Speed games, and while I admit…

2 days ago

ASUS Announces ROG Strix Flow X16 Gaming Notebook

ASUS has just revealed the latest addition to their notebook family. The ASUS ROG Flow…

2 days ago