A Sporty Cyber Centric Write Up with Key Information Left Out

January 10, 2022

I read “Experts Detail Logging Tool of DanderSpritz Framework Used by Equation Group Hackers.” The main point of the write up is that some clever cyber people have been working to figure out how a particular exploit works. The exploit is called DanderSpritz, which is a full featured framework for obtaining useful information from a target system. The Shadow Brokers leaded the software in 2017. It took the folks writing the article four years to figure out the method. Non US outfits figured it out more quickly. What’s left out of the write up?

I noted these omissions:

Details of the DanderSpritz methods incorporated into other exploit tools
Explanation of who and what the Equation Group is. The Web site link does not provide substantive information.
Why do long between the release of the exploit and a public analysis?

Personally I would not get too frisky when it comes to the Equation Group. I apply this type of thinking to any outfit conveniently located near an NSA facility. In the case of Shadow Brokers, my recollection is that this outfit found a way to obtain Equation Group code. My hunch is that this is a sore point for the Equation Group, and the embarrassment of the DanderSpritz dump may still cause some red faces.

Stephen E Arnold, January 7, 2022

Written by Stephen E. Arnold · Filed Under cybercrime, Government, News

Comments

Comments are closed.

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.