Shadow Brokers latest NSA leak has caught the interest of Chinese and Russian hackers, according to security researchers. Experts say that hackers in underground cybercrime communities are digging into the alleged malware strains included in Shadow Brokers latest dump. They also said that Chinese hackers claim patches released to fix the threats do not completely address underlying vulnerabilities, leaving the software susceptible to exploits.
Researchers at Recorded Future said that just three days after Shadow Brokers dumped the latest trove of data, a renowned cybercriminal belonging to a "top-tier" dark web community started offering detailed tutorials on how to weaponise the alleged NSA malware strains such as DoublePulsar and ExternalBlue.
Experts recently said that the DoublePulsar malware may have been exploited by hackers to launch a new wave of attacks and estimated that the malware may have already infected about 100,000 computers across the globe.
"Discussions in the Chinese and Russian cyber communities indicate that there is broad interest in these capabilities released by Shadow Brokers," Recorded Future researchers said. "Chinese users are particularly interested in the unique malware triggers and many feel the underlying vulnerability exploited by these toolsets has not been completely mitigated by the patches."
They also warned that Chinese advanced persistent threat (APT) groups' capabilities in quickly weaponise zero-day vulnerabilities "increase the risk that malicious Chinese actors may reuse or repurpose this malware".
The increased interest in the Shadow Brokers' latest leaks indicates that the threat of new attacks may still be in the offing.