Hacking tools leaked last year and believed to belong to the US National Security Agency (NSA) contain a utility for detecting the presence of malware developed by other cyber-espionage groups.
This utility, codenamed "Territorial Dispute," is meant to alert NSA operators to the presence of other APT hacking groups on a compromised computer, allowing an operator to retreat from the infected machine and avoid further exposure of NSA hacking tools and operations to other nation-state attackers.
Territorial Dispute overlooked because of EternalBlue
Despite being included in an archive that the Shadow Brokers leaked online last April, the nature of the Territorial Dispute utility remained unknown until last week, when a group of Hungarian researchers described the tool in a report presented at the Kaspersky SAS security conference.
The main reason the nature of the Territorial Dispute utility took so long to determine is that it was included in the same Shadow Brokers leak that also contained EternalBlue, the exploit used in the WannaCry ransomware outbreak, as well as EternalRomance, EternalSynergy, FuzzBunch, and other top-shelf hacking tools.
Despite not being an offensive cyber-weapon, Territorial Dispute speaks volumes about the NSA's modus operandi. It has been well known in infosec circles that US nation-state hackers don't operate the way other cyber-espionage groups do.
...