A prominent hacking group has allegedly leaked documents and tools from 2013 belonging to the NSA. This cache of data contains a targeted list of at least 29 financial institutions from the Arab World. The leak is in 3 parts, divided into SWIFT, Windows, and Oddjob (miscellaneous).
In August 2016 a group under the name of “Shadow Brokers” claimed to have hacked an NSA-controlled hacking group known as “Equation Group”. They also posted a number of hacking tools that they alleged were being used by the NSA. Shadow Brokers also claimed to hold a large volume of data reflecting the actual compromise of global organizations, with details of each hack, and offered to provide that data to whoever would pay them 1 million bitcoins.
On April 8th 2017 the Shadow Brokers released more of the hacking tools that allegedly were being used by the NSA-controlled Equation Group. On April 11th 2017 the Shadow Brokers revealed the password of the data dump that they had earlier posted as data revealing the names and details of the organizations that the NSA had breached in 2013 and to which it was maintaining access.
The analysis of that data revealed the following:
1. The main targets of this hacking project were banks in the Arab World and Latin America, reached through the “SWIFT Alliance Access” client software.
2. For Arab World banks, the hack was executed by first hacking into the Middle East SWIFT service bureau “EastNets”.
3. Second, through EastNets the attackers breached the VPN gateway of the target organization, finally reaching the SWIFT Alliance Access system within the target organization’s network.
4. This hacking operation was named “JEEPFLEA_MARKET” specifically for collecting data from the Arab World and “JEEPFLEA_POWDER” for collecting data from Latin America.
5. The data also has complete details of EastNets’ internal IT architecture, network topology, and system details of all servers.
6. The institutions are listed in 2 xlsx files: JEEPFLEA_MARKET_UAE.XLSX and JEEPFLEA_MARKET Implants.xlsx