On Monday 15 August, a previously unknown group of hackers called The Shadow Brokers launched an auction for what they claimed was source code from the NSA-associated Equation Group. A sample of what was claimed to be Equation Group hacking tools was also released on GitHub, and a manifesto was posted on Pastebin.
This undated GCHQ training document details the requirements for analysts engaged in the reverse engineering of commercial antivirus software: see the Intercept article Popular Security Software Came Under Relentless NSA and GCHQ Attacks, 22 June 2015.
These undated slides from GCHQ’s National Defence Intelligence and Security Team claim that the agency collects “around 100,000,000 malware events per day”: see the Intercept article Popular Security Software Came Under Relentless NSA and GCHQ Attacks, 22 June 2015.
This GCHQ application for warrant renewal from June 2008 shows that the agency has been engaged in the reverse engineering of commercial antivirus software for the purposes of facilitating its hacking operations: see the Intercept article Popular Security Software Came Under Relentless NSA and GCHQ Attacks, 22 June 2015.
This page from GCHQ’s internal GCWiki, last modified on 25 June 2012, enumerates open-source data sets that are available in various agency databases: see the Intercept article Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise, 4 February 2015.
This extract of source code, presented here with a short introduction, appears to be part of the WARRIORPRIDE suite and was subsequently linked to the nation-state level malware Regin: see the Der Spiegel article The Digital Arms Race: NSA Preps America for Future Battle, 17 January 2015.
Originally published by the Intercept, 13 December 2014
This weekend, the Intercept published further corroborating evidence linking the advanced malware known as Regin to GCHQ’s Operation Socialist attack on Belgium’s biggest telecommunications company, Belgacom.
24 November 2014 – Over the past 24 hours, security companies have released information about an advanced malware tool called Regin.
Symantec described Regin as “a complex piece of malware whose structure displays a degree of technical competence rarely seen”, concluding that the “capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.”
This internal NSA document from April 2013 gives background information to prepare for the then GCHQ Director’s visit on 30 April and 1 May; topics include access to PRISM data, FLAME malware, Iran, Syria and Israel: see the Intercept article British Spy Chiefs Secretly Begged to Play in NSA’s Data Pools, 30 April 2014.