Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Hacked Files Suggest NSA Penetrated SWIFT, Mideast Banks

Files released by the mysterious hacker Shadow Brokers suggested Friday the US National Security Agency had penetrated the SWIFT banking network and monitored a number of Middle East banks.

Files released by the mysterious hacker Shadow Brokers suggested Friday the US National Security Agency had penetrated the SWIFT banking network and monitored a number of Middle East banks.

The files, according to computer security analysts, also showed the NSA had found and exploited numerous vulnerabilities in a range of Microsoft Windows products widely used on computers around the world.

Analysts generally accepted the files, which show someone exploiting so-called “zero-day” or hitherto unknown vulnerabilities in common software and hardware, came from the NSA.

They are believed stolen from a hyper-secret hacking unit dubbed the “Equation Group” at the key US signals intelligence agency.

“The tools and exploits released today have been specifically designed to target earlier versions of Windows operating system,” said security specialist Pierluigi Paganini on the Security Affairs website.

They “suggest the NSA was targeting the SWIFT banking system of several banks around the world.”

The files appear to indicate that the NSA had infiltrated two of SWIFT’s service bureaus, including EastNets, which provides technology services in the Middle East for the Belgium-based SWIFT and for individual financial institutions.

Advertisement. Scroll to continue reading.

Via that entry point the agency appears to have monitored transactions involving several banks and financial institutions in Kuwait, Dubai, Bahrain, Jordan, Yemen and Qatar.

In a statement on its website EastNets rejected the allegations. 

“The reports of an alleged hacker-compromised EastNets Service Bureau network is totally false and unfounded,” it said.

“We can confirm that no EastNets customer data has been compromised in any way.”

SWIFT said in a statement that the allegations involve only its service bureaus and not its own network.

“There is no impact on SWIFT’s infrastructure or data, however we understand that communications between these service bureaus and their customers may previously have been accessed by unauthorized third parties.”

“We have no evidence to suggest that there has ever been any unauthorized access to our network or messaging services.”

Shadow Brokers first surfaced last year offering for sale a suite of hacking tools from the NSA. There were no takers at the price stated of tens of millions of dollars, and since then the hacker or hackers have leaked bits of the trove for free.

Analysts say many of the exploits revealed appear to be three years old or more, but have some unknown vulnerabilities that could still be used by other hackers.

No one has yet discovered the identity of Shadow Brokers, or of the hackers that gained access to the NSA materials.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.

Register

Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.