UPDATE: Microsoft has issued patches for all supported modern systems. All Windows users should either update or upgrade immediately.

Hacking tools allegedly used by the National Security Agency were leaked online early Friday by the group known as “The Shadow Brokers.”

The mysterious entity, which last August also released a large cache of tools purportedly stolen from “the Equation Group,” an elite hacking team believed to be NSA, published it’s most substantial material yet by exposing powerful exploits against Microsoft Windows systems and targeted banks in the Middle East.

The dump, deemed “the most damaging” for the NSA since Edward Snowden by computer security expert Nicholas Weaver, includes numerous tools that utilize unknown exploits, or “zero days,” against every Windows operating system prior to version 10.

One tool, known as FUZZBUNCH, is causing concern among cybersecurity experts given its ability to automate the creation and deployment of NSA malware.

“This FUZZBUNCH framework contains the closest thing to a cyber weapon since Stuxnet,” Matthew Hickey, known as Hacker Fantastic, told tech outlet Motherboard. “It is packed full of exploits. It’s Metasploit but with zero-days.”

According to Weaver, the timing of the release is also troublesome given that countless hackers will now have access to the tools over the Easter weekend.

“Normally, dumping these kinds of documents on a Friday would reduce their impact by limiting the news cycle,” Weaver wrote. “But Friday is the perfect day to dump tools if your goal is to cause maximum chaos; all the script kiddies are active over the weekend, while far too many defenders are offline and enjoying the Easter holiday.”

Specific targets, according to former LulzSec hacker Mustafa Al-Bassam, include banking and oil companies in numerous Middle Eastern countries.

Although dated back to 2013, the tools, which are estimated to be worth as much as $2 million on the gray market, will likely be useful for years to come.

The NSA is now receiving criticism for reportedly not revealing the vulnerabilities, which The Shadow Brokers had hinted were coming back in January, to Microsoft after the tools were stolen – leaving millions of Windows users worldwide totally defenseless.

Speaking with The Intercept, a Microsoft representative confirmed that no one had contacted the company about the exploits prior to today’s data dump.

“At this time, other than reporters, no individual or organization has contacted us in relation to the materials released by Shadow Brokers,” the spokesperson said.

The Emergency Election Sale is now live! Get 30% to 60% off our most popular products today!

Related Articles