NSA Malware: Leaked Code Leaves Millions Vulnerable

In mid-April hacker group, The Shadow Brokers released a package of confidential NSA documents including computer codes for exploits, implants, and other hacking tools. Through reverse engineering and tutorials available on the dark web, cybercriminals have infiltrated hundreds of thousands of computers running Windows with this NSA malware. The use of this cyber weapon proves just how quickly a complex attack can be adopted and launched with potentially catastrophic results.

NSA malware implant codes were released by The Shadow Brokers hacking group and hundreds of thousands of Windows computers are now infected.

NSA Malware Implants

The leaked NSA documents contained a cache of codes for previously unknown software. A variety of implant codes gave the NSA the power to hack into Windows computers and observe communications or implant other software.


All three NSA malware codes act as communication interceptors and docking stations for future software downloads. The NSA used these codes to automate malware deployment so members of the Tailored Access Operations group could easily target and infect individuals. Once the code is implanted it doesn’t create a software port but instead sits on the memory listening and observing, until it receives an action code.



During the initial reports of the NSA malware leak, all the codes released were considered particularly dangerous because they were all zero-day exploits for previously undisclosed vulnerabilities. However, it turns out that The Shadow Brokers had been threatening Microsoft with a leak of these vulnerabilities since August 2016, and Microsoft had already patched many of the issues in a recent security update. Unfortunately, because many users don’t keep their software up to date an estimated 65% of Windows users (~5 million people) are still vulnerable.

Ever since these codes have been released to the cybercrime community, infiltration has dramatically increased. Right after the NSA malware leak, the estimated number of machines infected was around 30-50k, now that number has more than tripled to an estimated 150-200k worldwide, with the US getting hit the hardest.

150-200k Windows machines have been infected with the NSA malware worldwide.

The Future

The release of this NSA malware is going to have far-reaching impacts on cyberattack strategies for years to come. Hackers will be able to use these codes to implant their own malicious software variants and modify the code for future malware campaigns. The quick spread of the NSA malware shows just how quickly a cyber weapon could devastate international technology-related operations.

Malware Protection

This attack further demonstrates the need for in-depth malware protection across all vectors. Although this particular malware was not delivered via email, the most pervasive malware distribution method, it is still important to make sure you have advanced malware protection and robust email protection. Hackers will be able to continue infiltrating devices until everyone has updated their operating software, and by the time that happens they will have figured out another vulnerability – which will probably be delivered by email.

97% of malware is delivered via email.

These types of infiltrations can have devastating financial and legal consequences for enterprise organizations. The best way to protect against malware is with advanced email security. 97% of all malware is delivered through phishing emails, so targeting this threat at the source is the best way to protect your organization.

The Vade email security suite includes advanced malware protection. Our AI-backed software uses the largest threat database to protect against known and unknown threats, including new variations. Our layered-analysis approach looks at behavioral and technological indicators to ensure that emails are safe before thy end up in your employees’ inboxes.

Defend against known and unknown security threats with AI-backed malware protection.

Interested in learning more about Vade malware protection capabilities? Contact us and we would be happy to answer any of your questions or schedule a demo.