In mid-April hacker group, The Shadow Brokers released a package of confidential NSA documents including computer codes for exploits, implants, and other hacking tools. Through reverse engineering and tutorials available on the dark web, cybercriminals have infiltrated hundreds of thousands of computers running Windows with this NSA malware. The use of this cyber weapon proves just how quickly a complex attack can be adopted and launched with potentially catastrophic results.

NSA malware implant codes were released by The Shadow Brokers hacking group and hundreds of thousands of Windows computers are now infected.

NSA Malware Implants

The leaked NSA documents contained a cache of codes for previously unknown software. A variety of implant codes gave the NSA the power to hack into Windows computers and observe communications or implant other software.


All three NSA malware codes act as communication interceptors and docking stations for future software downloads. The NSA used these codes to automate malware deployment so members of the Tailored Access Operations group could easily target and infect individuals. Once the code is implanted it doesn’t create a software port but instead sits on the memory listening and observing, until it receives an action code.



During the initial reports of the NSA malware leak, all the codes released were considered particularly dangerous because they were all zero-day exploits for previously undisclosed vulnerabilities. However, it turns out that The Shadow Brokers had been threatening Microsoft with a leak of these vulnerabilities since August 2016, and Microsoft had already patched many of the issues in a recent security update. Unfortunately, because many users don’t keep their software up to date an estimated 65% of Windows users (~5 million people) are still vulnerable.