A Sporty Cyber Centric Write Up with Key Information Left Out
January 10, 2022
I read “Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers.” The main point of the write up is that some clever cyber people have been working to figure out how a particular exploit works. The exploit is called DanderSpritz, which is a full featured framework for obtaining useful information from a target system. The Shadow Brokers leaked the software in 2017. It took the folks writing the article four years to figure out the method. Non-US outfits figured it out more quickly. What’s left out of the write up?
I noted these omissions:
- Details of the DanderSpritz methods incorporated into other exploit tools
- Explanation of who and what the Equation Group is. The Web site link does not provide substantive information.
- Why so long between the release of the exploit and a public analysis?
Personally, I would not get too frisky when it comes to the Equation Group. I apply this type of thinking to any outfit conveniently located near an NSA facility. In the case of Shadow Brokers, my recollection is that this outfit found a way to obtain Equation Group code. My hunch is that this is a sore point for the Equation Group, and the embarrassment of the DanderSpritz dump may still cause some red faces.
Stephen E Arnold, January 7, 2022