Researchers at security firm Fox-IT have developed a tool that allows investigators to detect the use of specific NSA-linked malware and recover event log data it may have deleted from a machine. The group calling itself Shadow Brokers has published several tools and exploits stolen from the Equation Group, cyberspies believed to be working for the U.S. National Security Agency (NSA). One of the tools leaked by the Shadow Brokers in April is DanderSpritz, a post-exploitation framework that allows hackers to harvest data, bypass and disable security systems, and move laterally within a compromised network.