The new leak appears to disclose NSA tactics.
Shadow Brokers, a secretive online group that in August published details of hacking tools allegedly belonging to the NSA, released new leaks this week that appear to expose more of the agency’s cyber strategies, as well as those from multiple foreign countries.
The leak discloses NSA-style code names, including “Jackladder” and “Dewdrop,” the Associated Press reports.
It also appears to offer a list of servers compromised by the Equation Group, a separate hacking organization with ties to the NSA.
In a post on Medium in broken English, Shadow Brokers referenced Equation Group twice and suggested that its motivation for exposing the server information was related to the US presidential election.
The post also demands a ransom payment, although it does not suggest a specific amount of money.
Named after its penchant for encryption algorithms, the Equation Group has hacked targets in more than 30 countries—including Iran, Russia, Pakistan, Afghanistan, India, and China, according to security firm Kaspersky.
Its focus is on government, nuclear research, military, and nanotechnology organizations, as well as companies developing cryptographic technologies.
The hackers’ malware can reprogram hard drive firmware, and has been found on devices from Seagate, Western Digital, and Samsung.
The exploit, carried out via physical interceptions like infected USB drives and CD-ROMs, is undetectable and cannot be removed.
It is unclear how Shadow Brokers wound up with data from Equation Group.
This week’s leak also raises questions about possible ties to Harold Martin, the former NSA contractor who was arrested in August for allegedly stealing more than 50 terabytes of classified data.
Authorities are attempting to prove that the Equation Group got its information from Martin.