Russian-linked Hackers Gang Reportedly Behind NHS Hack Using Stolen ‘Cyber Weapon’ from American Spying Agency

Zara Ali
NHS attack

The massive cyber attack on NHS left the everyone thinking about the origin of hackers. Now, according to the latest report, the gang could have alleged links to Russia. The cyber attack is possibly a reprisal for attacks on Syria by the US.

In April, a mysterious hacker group called Shadow Brokers went on claiming that it has stolen a ‘cyber weapon’ from an American spying agency. The group claimed that the tool would give it an open access to all the systems running Microsoft Windows operating system. Thes stolen cyber weapon belonged to the National Security Agency (NSA), which is America’s most powerful military intelligence unit. NSA developed the ‘Eternal Blue’ hacking weaponry to fetch access to systems used by extremist groups and enemy states.

Related StoryRafia Shaikh
Intelligence Coup of the Century: How CIA Secretly Sold Compromised Encryption Devices Through a Swiss Company to Over 120 Countries

However, the tool, unfortunately, landed in the hands of Shadow Brokers. The hacker gang used the weapon through an obscure website on April 14, a day after the chemical attack on Syria. Many industry experts believe that the day chosen for the cyber attack clearly indicates that Shadow Brokers is linked to the Russian government.

Interestingly, a week before the attack, the hacker gang issued a warning to President Trump via Medium:

Respectfully, what the f*** are you doing? The Shadow Brokers voted for you. The Shadow Brokers supports you. The Shadow Brokers is losing faith in you. Mr. Trump helping the Shadow Brokers, helping you. Is appearing you are abandoning ‘your base’, ‘the movement’, and the peoples who getting you elected.

Many believe that Shadow Brokers dumped ‘Eternal Blue’ cyber weapon after using it once. The tool was later picked by another hacker gang who used it to get remote access to computers and orchestrated the entire NHS breakdown. The same gang later went on developing another software using ransomware called WanaCrypt or WannaCry that hijacks systems and encrypts all the files on it. Leaving just one way for the victim - pay the ransom. In NHS' case, the ransom amount is $300 for each computer, paid in ‘bitcoins’ - a virtual currency. Most of the countries are plagued by the ransomware, which means they will surely try to track where the money is going. Bitcoin is definitely hard to track, but not impossible.

In a statement, Sean Sullivan, security adviser to F-Secure, a cyber security company, said:

Shadow Brokers obtained the NSA tools that exposed a vulnerability in Microsoft’s operating systems. They dumped the instructions detailing how to get in. The exploit is the ‘crowbar’ to open the door, and the ransomware is the ‘hand grenade’ you lob in once the door is open.

The hackers are also believed to have warned Microsoft about the stolen hacking tool. Following the warning, Microsoft came up with a "security patch, " but even the patch couldn't save systems dating back to 2009 and older. The spread of mostly older systems turned NHS into the most vulnerable victim of the attack.

Edward Snowden who is the NSA whistleblower claimed last year that Kremlin backs Shadow Brokers. He also tweeted that,“circumstantial evidence and conventional wisdom indicates Russian responsibility.”

People using Microsoft computers must install MS17-010 fix right now. We would like to urge our readers to be extremely careful of all the e-mails they get, specifically the ones with attachments.

Share this story

Deal of the Day