{
	"id": "9e0d251f-5eec-4b27-9154-5c9a0c088e5f",
	"created_at": "2026-04-06T00:17:50.76257Z",
	"updated_at": "2026-04-10T03:26:53.187105Z",
	"deleted_at": null,
	"sha1_hash": "aca4298657c9d58affa0931d20bf93ceebc89d93",
	"title": "New NSA leak may expose its bank spying, Windows exploits",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 47071,
	"plain_text": "New NSA leak may expose its bank spying, Windows exploits\r\nBy Michael Kan U.S. Correspondent\r\nPublished: 2017-04-14 · Archived: 2026-04-05 14:30:14 UTC\r\nThe Shadow Brokers' latest leak may be its most damaging one to date, according\r\nto security researchers\r\nA hacking group has released suspected U.S. government files that show the National Security Agency may have\r\nspied on banks across the Middle East.\r\nNumerous Windows hacking tools are also among the new batch of files the Shadow Brokers dumped Friday. In\r\nrecent months, the mysterious group has been releasing hacking tools allegedly taken from the NSA, and security\r\nresearchers say they actually work.\r\nFriday’s leak includes an archive describing the internal architecture at EastNets, a Dubai-based anti-money\r\nlaundering company that also offers services related to SWIFT, the financial banking network.\r\nThe leaked files show the NSA was allegedly targeting EastNets in Dubai, Belgium, and Egypt.\r\nAmong the documents is a PowerPoint presentation designated as top secret. It mentions “ongoing collection”\r\nfrom servers owned by financial institutions in the United Arab Emirates, Yemen, Kuwait, Palestine, and Bahrain.\r\nThe files appear to include logs from 2013 that show the NSA was also targeting oil and investment companies\r\nacross the Middle East.\r\nIf the files are real, the exposed information represents a threat to the SWIFT network, said Matt Suiche, founder\r\nof security firm Comae Technologies, who has been looking over the leaked files.\r\n“This is the first time to date that so much information had been published on how a SWIFT Service Bureau\r\nactually works and its internal infrastructure,” he wrote in a blog post. 
\r\nHowever, EastNets called reports that it had been hacked “totally false and unfounded.” The company has checked\r\nits servers and found no compromise or any vulnerabilities.\r\n“The photos shown on Twitter, claiming compromised information, is about pages that are outdated and obsolete,\r\ngenerated on a low-level internal server that is retired since 2013,” the company said in a statement.\r\nThe group behind the leak, the Shadow Brokers, didn’t clearly explain why they dumped the files. But in addition\r\nto the documents, the hackers also released what appears to be an arsenal of Windows-based hacking tools —\r\nsome of which target previously unknown vulnerabilities.\r\n“This isn’t a data dump, this is a damn Microsoft apocalypse,” tweeted a security researcher who goes by the\r\nname Hacker Fantastic. \r\nResearchers are still poring over the leaked documents, but they’ve noticed the tools target Windows XP,\r\nWindows Server 2003, Windows 7 and 8, among other software products such as Lotus Notes, now called IBM\r\nNotes. Any hackers can now download the tools and learn from them.\r\nOn Friday, Microsoft also said it was still studying the leak, and it “will take the necessary actions to protect our\r\ncustomers.”\r\nIn a short posting written in broken English, the Shadow Brokers warned on Friday they had more files to dump.\r\nEarlier this month, the group reappeared after a hiatus and wrote a blog post criticizing U.S. President Donald\r\nTrump for ordering an airstrike in Syria and “abandoning” his voters.\r\n“Maybe if all surviving WWIII, theshadowbrokers be seeing you next week,” the group wrote on Friday.\r\nSecurity researchers say the group’s latest leak is the most damaging one to date. “It’s a huge slap on the face of\r\nNSA,” said Bulgarian antivirus expert Vesselin Bontchev in an email.\r\n
Source: https://www.csoonline.com/article/3190055/new-nsa-leak-may-expose-its-bank-spying-windows-exploits.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://www.csoonline.com/article/3190055/new-nsa-leak-may-expose-its-bank-spying-windows-exploits.html"
	],
	"report_names": [
		"new-nsa-leak-may-expose-its-bank-spying-windows-exploits.html"
	],
	"threat_actors": [
		{
			"id": "d4f7cf97-9c98-409c-8b95-b80d14c576a5",
			"created_at": "2022-10-25T16:07:24.561104Z",
			"updated_at": "2026-04-10T02:00:05.03343Z",
			"deleted_at": null,
			"main_name": "Shadow Brokers",
			"aliases": [],
			"source_name": "ETDA:Shadow Brokers",
			"tools": [],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "171b85f2-8f6f-46c0-92e0-c591f61ea167",
			"created_at": "2023-01-06T13:46:38.830188Z",
			"updated_at": "2026-04-10T02:00:03.114926Z",
			"deleted_at": null,
			"main_name": "The Shadow Brokers",
			"aliases": [
				"Shadow Brokers",
				"ShadowBrokers",
				"The ShadowBrokers",
				"TSB"
			],
			"source_name": "MISPGALAXY:The Shadow Brokers",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434670,
	"ts_updated_at": 1775791613,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/aca4298657c9d58affa0931d20bf93ceebc89d93.pdf",
		"text": "https://archive.orkl.eu/aca4298657c9d58affa0931d20bf93ceebc89d93.txt",
		"img": "https://archive.orkl.eu/aca4298657c9d58affa0931d20bf93ceebc89d93.jpg"
	}
}