US security and networking firm Juniper Networks has confirmed that a number of exploits, reportedly stolen from the National Security Agency (NSA) and leaked online by a hacking group called The Shadow Brokers, affect some of its NetScreen firewall products.
While Juniper – a seller of computer software, routers and network security products to large enterprises – has not detailed exactly which models or operating systems (OS) the toolkits can compromise, it claims an investigation is now underway.
"Juniper Networks is investigating the recent release of files reported to have been taken from the so-called Equation Group," said Derrick Scholl, Juniper's product security information response team, in a statement.
Scholl continued: "As part of our analysis of these files, we identified an attack against NetScreen devices running ScreenOS. We are examining the extent of the attack, but initial analysis indicates it targets the boot loader and does not exploit a vulnerability on ScreenOS devices."
Juniper Networks said it would continue to evaluate "exactly what level of access is necessary in order to execute the attack" and conduct more analysis to find out if any other devices on its product range were targeted.
According to a list of the leaked NSA exploits by cybersecurity researcher Mustafa Al-Bassam, at least two known agency implants – dubbed Bananaglee and Zestyleak – were able to infiltrate the security of Juniper products.
On 13 August, the mysterious Shadow Brokers announced – via social media and GitHub – that it had successfully stolen computer exploits used by an NSA-linked team called the Equation Group. The hackers, after releasing one file as proof of legitimacy, put the remaining trove up for 'auction', demanding a massive 1m bitcoin, equivalent to over $550m.
Two other vendors implicated in the leaks, Fortinet and Cisco, have both subsequently released detailed security advisories and patches for the exploits, which were suddenly out in the wild for any hacker to use. After The Intercept trawled back through its Snowden documentation, it found evidence indicating that the leak was real.
Neither the US government, nor the NSA, has commented on the disclosures at the time of writing. However, this is not the first time that Juniper Networks has been forced to be suspicious of its own domestic security services.
Last December, the firm found two pieces of "unauthorised code" in its 'ScreenOS' that could give hackers the ability to snoop on secure traffic travelling through virtual private networks (VPNs). As reported, researchers concluded that one of the backdoors was inserted between 2012 and 2014. At the time, the NSA was widely suspected to be the culprit.