Microsoft says users are protected from alleged NSA malware

The group has been posting files suspected to originate from the NSA since last August.

The files appear to indicate that the NSA had infiltrated two of SWIFT's service bureaus, including EastNets, which provides technology services in the Middle East for the Belgium-based SWIFT and for individual financial institutions. Microsoft typically reveals who reported various security flaws, but one researcher noticed that the company issued patches with the MS17-010 update last month, fixing some of the newly revealed NSA exploits, without noting any source for flaw reports.

The former official stated that it is government policy not to confirm whether the stolen data belonged to the NSA, and he could not confirm or deny whether any outreach has taken place to warn vendors of vulnerabilities.

The researcher was able to run numerous exploits found in the cache, according to a tweet.

The SWIFT system is used by banks to transfer trillions of dollars each day.

It is not clear how much of the SWIFT network the NSA compromised, but the agency did not manage to break into EasyNet partner Business Computer Group in Latin America. One collection of 15 exploits contains at least four Windows hacks that researches have already been able to replicate. Security researchers verifying whether the files were effective did not test them against the latest patches as there was no indication anything had changed. "There is no impact on SWIFT's infrastructure or data, however we understand that communications between these service bureaux and their customers may previously have been accessed by unauthorised third parties".

But the organisation said that the local messaging systems of some Swift client banks had been breached.

"Today, Microsoft triaged a large release of exploits made publicly available by ShadowBrokers". ASA stands for Adaptive Security Appliance and is a combined firewall, antivirus, intrusion prevention and virtual private network, or VPN.

We all know the NSA has the tools to spy on virtually everyone, but now hacking group Shadow Brokers has released a data dump that has allegedly come from the NSA, which details that the U.S. spy agency can hack worldwide banks - and more important, yl the SWIFT network through Windows PCs and servers that are used during global financial transfers.

This meant that "customers running Windows 7 and more recent versions of Windows or Exchange 2010 and newer versions of Exchange are not at risk".

That said, multiple experts said the sheer number of zero days released at the same time was unprecedented. "Customers still running prior versions of these products are encouraged to upgrade to a supported offering", Microsoft says.

EastNets yesterday described the reports as "totally false and unfounded", and said that an internal check of its servers had not uncovered any compromise or vulnerability. The US intelligence agency then used lines of code to query the SWIFT servers and Oracle databases handling the SWIFT transactions, according to the documents.

Related news