TSB is a mysterious group that appeared in the summer of 2016 when they dumped on GitHub and other sites a trove of files they claim to have stolen from the Equation Group, a codename given to a cyber-espionage group many cyber-security experts believe to be the NSA. In their original announcement, the group dumped a collection of free files so that cyber-security experts can validate the veracity of their claims. In addition, the group also released a second set of files, which were encrypted with a password the group promised to provide to the winner of an online bidding war. As no one stepped forward, the group started selling some of these tools individually last December but eventually called it quits in January, announcing their retirement just ahead of President Trump's inauguration. Now, the group is back, and the reason why, according to a post published on their Medium blog, is because of Trump's political moves, which appear to have angered the group. The reasons, as listed by the Shadow Brokers, are below, in original: The politically-charged message ends with the password for the rest of the supposed NSA hacking tools the group released last summer. The first cache of NSA hacking tools contained quite a lot of material, such as zero-day exploits and tools to bypass firewalls (Cisco, Fortinet, Juniper, and TOPSEC), a toolkit to extract VPN keys, backdoors for Linux systems, and several Windows exploits. This second cache is quite fresh, and security researchers haven't had the time to search it in its entirety.
On Thursday, the Shadow Brokers dumped them online after an attempt to sell these and other supposed Windows and Unix hacking tools for bitcoin. The Shadow Brokers made news back in August when they dumped hacking tools for routers and firewall products that they claimed came from the Equation Group, a top cyberespionage team that some suspect works for the NSA. Those tools contained several previously unknown and valuable exploits, lending credibility to the hacking group's claims, according to security researchers. The Shadow Brokers' latest dump includes 61 files, many of which have never been seen by security firms before, said Jake Williams, founder of Rendition InfoSec, a security provider. He’s been examining the tools, and said it’ll take time to verify their capabilities. His initial view is that they’re designed for detection evasion. For instance, one of the tools is built to edit Windows event logs. Potentially, a hacker could use the tool to selectively delete notifications and alerts in the event logs, preventing the victim from realizing they’ve been breached, he said. “If you simply remove a record or two, then even an organization that is following the best security practices, presumably, wouldn’t notice the change,” he said. On Thursday, the Shadow Brokers said they released the Windows hacking tools for free because a Kaspersky Lab antivirus product could already flag them as harmful. The clandestine group previously tried to auction off a whole set of hacking tools for 1 million bitcoins, or what was at the time US$584 million. But after several months, that auction only managed to generate 10 bitcoins. “Despite theories, it always being about bitcoins for TheShadowBrokers,” the group said in broken English in their supposed final message. However, Williams believes the Shadow Brokers are likely spies working for the Russian government.
This latest dump was a message to the U.S., he said. In recent weeks, U.S. intelligence agencies have been claiming the Kremlin tried to influence the U.S. election. Based on those findings, President Barack Obama has already ordered sanctions against Russia and vowed covert action. “If they are Russian, this is a shot across the bow,” Williams said. It’s unclear how the Shadow Brokers managed to steal the hacking tools. The group has said their arsenal of supposed Linux and Windows-based hacking tools is still up for sale at 10,000 bitcoins. On Thursday, Microsoft said it's investigating this latest batch of hacking tools that have been released.
This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies. Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone. Cellebrite is popular with US federal and state law enforcement, and, according to the hacked data, possibly also with authoritarian regimes such as Russia, the United Arab Emirates, and Turkey. The cache includes alleged usernames and passwords for logging into Cellebrite databases connected to the company's my.cellebrite domain. This section of the site is used by customers to, among other things, access new software versions. In the majority of cases, this was not possible because the email address was already in use. A customer included in the data confirmed some of their details. The dump also contains what appears to be evidence files from seized mobile phones, and logs from Cellebrite devices. According to the hacker, and judging by timestamps on some of the files, some of the data may have been pulled from Cellebrite servers last year.
"Cellebrite recently experienced unauthorized access to an external web server," the company said in a statement on Thursday after Motherboard informed it of the breach. "The company is conducting an investigation to determine the extent of the breach. The impacted server included a legacy database backup of my.Cellebrite, the company's end user license management system. The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system," the statement continues. Cellebrite advised customers to change their passwords as a precaution, and added that it is working with relevant authorities to assist in their investigation. Access to Cellebrite's systems has been traded among a select few in IRC chat rooms, according to the hacker. "To be honest, had it not been for the recent stance taken by Western governments no one would have known but us," the hacker told Motherboard. The hacker expressed disdain for recent changes in surveillance legislation. In 2014 a hacker calling themselves "PhineasFisher" publicly released 40GB of data from surveillance company Gamma International. Gamma makes intrusion software that can remotely switch on a target's webcam, siphon off their emails, and much more. The following year, PhineasFisher targeted Italian company Hacking Team, and published a trove of emails and other internal documents from the company. Although the terms of this Cellebrite breach are somewhat different—the hacker has not dumped the files online for anyone to download—similarities seem to remain, especially in the hacker's vigilante motivation.
Leading French presidential candidate Emmanuel Macron’s campaign said on Friday it had been the target of a “massive” computer hack that dumped its campaign emails online 1-1/2 days before voters choose between the centrist and his far-right rival, Marine Le Pen. Macron, who is seen as the frontrunner in an election billed as the most important in France in decades, extended his lead over Le Pen in polls on Friday. As much as 9 gigabytes of data were posted on a profile called EMLEAKS to Pastebin, a site that allows anonymous document sharing. It was not immediately clear who was responsible for posting the data or if any of it was genuine. In a statement, Macron’s political movement En Marche! (Onwards!) confirmed that it had been hacked. “The En Marche Movement has been the victim of a massive and co-ordinated hack this evening which has given rise to the diffusion on social media of various internal information,” the statement said. An interior ministry official declined to comment, citing French rules that forbid any commentary liable to influence an election, which took effect at midnight on Friday (2200 GMT). The presidential election commission said in a statement that it would hold a meeting later on Saturday after Macron’s campaign informed it about the hack and publishing of the data. Former economy minister Macron’s campaign has previously complained about attempts to hack its emails, blaming Russian interests in part for the cyber attacks. On April 26, the team said it had been the target of attempts to steal email credentials dating back to January, but that the perpetrators had failed to compromise any campaign data. The Kremlin has denied it was behind any such attacks, even though Macron’s camp renewed complaints against Russian media and a hackers’ group operating in Ukraine.
Vitali Kremez, director of research with New York-based cyber intelligence firm Flashpoint, told Reuters his review indicates that APT 28, a group tied to the GRU, the Russian military intelligence directorate, was behind the leak. He cited similarities with U.S. election hacks that have been previously attributed to that group. APT28 last month registered decoy internet addresses to mimic the name of En Marche, which it likely used to send tainted emails to hack into the campaign’s computers, Kremez said. Those domains include onedrive-en-marche.fr and mail-en-marche.fr. “If indeed driven by Moscow, this leak appears to be a significant escalation over the previous Russian operations aimed at the U.S. presidential election, expanding the approach and scope of effort from simple espionage efforts towards more direct attempts to sway the outcome,” Kremez said. France is the latest nation to see a major election overshadowed by accusations of manipulation through cyber hacking. En Marche said the documents only showed the normal functioning of a presidential campaign, but that authentic documents had been mixed on social media with fake ones to sow “doubt and misinformation”. Ben Nimmo, a UK-based security researcher with the Digital Forensic Research Lab of the Atlantic Council think tank, said initial analysis indicated that a group of U.S. far-right online activists were behind early efforts to spread the documents via social media. They were later picked up and promoted by core social media supporters of Le Pen in France, Nimmo said. The leaks emerged on 4chan, a discussion forum popular with far right activists in the United States. An anonymous poster provided links to the documents on Pastebin, saying, “This was passed on to me today so now I am giving it to you, the people.”
A hacker that goes by the nickname of Cipher0007 has hacked the Sanctuary Dark Web marketplace. The hacker announced the breach a few hours ago and also posted proof of his intrusion. According to Cipher0007, the hack took place after he found an SQL injection flaw in the market's database. The hacker claims he used the SQL injection flaw to upload a shell on the market's server. He then used this backdoor to access various parts of the backend and dumped the private key used to generate the market's .onion URL. Cipher0007 also says he used the market's phpMyAdmin installation to dump details on the database configuration and other login information. At the time of writing, the market's phpMyAdmin login page was still exposed to external connections. To prove his claims, the hacker posted online a screengrab while uploading the shell to the Sanctuary market's server, the market's 1024-bit RSA private key, and the market's root account database login information. The Sanctuary market is a small Dark Web market, and one of the few places where digital products such as data dumps, malware, and others, are far more prevalent than drugs and weapons. The admin of the Sanctuary market did not respond to a request for comment from Bleeping Computer in time for this article's publication. Cipher0007 has a reputation in the hacking underground already. In January, the hacker collected an unspecified Bitcoin reward for reporting a bug to the AlphaBay staff that would have allowed an attacker access to over 218,000 private messages. AlphaBay is today's biggest Dark Web market, and access to those PMs would have allowed an attacker insight into the operations of many sellers and vendors.
A miscreant using the handle @cyberzeist claims to have infiltrated Plone CMS used by FBI.gov, using a zero day flaw allegedly for sale on an unnamed dark web site. The Register has contacted the FBI to confirm the allegations. The agency was not immediately available for comment – although a staffer said they were aware of the alleged break-in. Cyberzeist claims to have conducted the hack last month and has posted to Twitter what they claim are screen captures showing the FBI patching against the vulnerability, which appeared to permit public access. The hacker dumped the 155 purported stolen credentials to online clipboard pastebin, claiming a vulnerability resides in a Plone Python module. Cyberzeist also claimed the FBI contacted the hacker requesting a copy of the stolen credentials, which they declined to provide. The hacker reckoned the CMS was hosted on a virtual machine running a custom FreeBSD. They said they will tweet the zero day flaw once it is no longer for sale.