From WannaCry to NSA – An Overview of American Cyber Weapons

September 5, 2017

While WannaCry is a hot topic on the Internet, netizen may also wonder about its source – NSA cyber weapons. NSA is a military intelligence organization responsible for global monitoring, collection, and processing of information and data.

About WannaCry

WannaCry is a blackmail virus derived from EternalBlue – a hacker tool leaked from American National Security Agency (NSA), by a hacker organization named Lazarus Group. WannaCry reads source files on attacked computer, make a copy of the files and encrypt the copies, then delete original files. By locking victims’ files and make these files un-accessible, hackers require ransom in bitcoin form from victims within 3 days. If victims do not pay within the time limit, the price will doubled. Then, after another 4 days, all the encrypted files will be deleted without payment.


WannaCry has infected over 230,000 computers in about 150 countries and causing problems for a lot of public systems like hospitals, transportation, express delivery, communication, education, etc. Such a great loss cause by this ransomware! Yet, there are some computers which escaped from WannaCry attack.

About NSA

From Wikipedia: The NSA(National Security Agency) is a military intelligence organization and a constituent of the United States Department of Defense (DOD). The NSA is responsible for global monitoring, collection, and processing of information and data for foreign intelligence and counterintelligence purposes.


NSA was independent from American military department under a secret order of President Harry S. Truman in 1952. Then, it is used for intelligence communication and is the center of American intelligence organization.

NSA Cyber Weapons Was Stolen in August, 2016

In August, 2016, a hacker organization named Shadow Brokers claims that they have hacked in another hacker organization called Equation Group belongs to NSA. And they have NSA cyber weapons stolen. Such a shocking news that Microsoft chief clerk regards it as important as the theft of Tomahawk missiles.

NSA Hacking Team

The greatest hackers – Equation Group

Equation group is a department which NSA does not willing to get it known by the world. The group has been existed secretly for over 15 years until been discovered by laboratory of Kaspersky (world famous safe software provider established in 1997). It is said that time and money for the evil software development, technology support to military events and target block are all provided by government. There is hardly limitation to their programs; thus Equation Group become the greatest hack organization.

Equation Group Victims Map

Numerous Network Weapons

Laboratory of Kaspersky declares:” Exploiting network weapons, Equation Group had created about 500 attacks applying to over 42 countries, including Iran, Russia, Pakistan, Afghanistan, India, Syria and Mali.” Due to the self-destroyed code in evil software, Equation Group’s attacks are hard to be traced. Therefore, the hack tool revealed this time and the attack way revealed the time before only show a tip of the iceberg of NSA cyber weapons

NSA Cyber Threat

Introduction to Some of NSA’s Cyber Weapons

“Equation Group” was discovered and named by laboratory of Kaspersky. The source of the name is originating from their preference of using powerful encryption way during cyber-attack. In the past variety of attacks based on network, Equation Group had made use of worms, hard disk virus, spyware, etc.

Fanny Worms

Fanny worm is the strongest worm virus. It can invade network with networked gates through infecting USB flash drives. When a USB infected by Fanny worms inserted into computer, once the network is connected, the virus will gather information on the computer and send them to the hackers. If hackers want to run instructions on network with networked gates, they can input the instructions in the hidden space to USB disk through worms. When the USB hard drive is connected to target computer, worms can automatically figure out the instructions and carry out the order.



Regin spyware is an advanced invisible evil software which can avoid common antivirus software, discovered by Symantec in 2014. It is said that this spyware had been used to monitor governments, companies and personals since 2008 and it has relationship with NSA.

Regin Spyware

Regin enables hackers to do remote Trojan attack, including steal user password and data, hijack mouse clicking function, take snap from infected computer, monitor network traffic, analysis emails from Exchange database, etc.

Stuxnet Virus

It is said that Stuxnet is the first destroy virus programmed aiming at industry control system. It has complex construction and powerful concealment. Once the USB infected by this virus is inserted to the control server computer, without any further operation, it can take control of the system.

Stuxnet Virus

In the attack to Iranian nuclear facilities, Stuxnet changed the centrifuge engine speed while continue to send message telling that the centrifuge engine is working properly. Then, it result in destroy of centrifuge engine without notification.

Hard Disk Virus

In one report of Kaspersky laboratory, it said that NSA may implant virus into hard drives and rewrite the hard disk firmware of infected computer. The report says, since the hard disk firmware is rewritten, the virus may be activated when the hard drive is connected to power.

National Security Agency NSA Surveillance Spying

This evil software created a secret storage for information, which can deal with military-level disk wipe and format. The data pilfered from victims is still available even after reformat driver or reinstall OS.

PHP Invasion Code

Equation Group was discovered to attack Java software framework of Oracle or vulnerability of IE explorer using evil PHP invasion code. This attack involved in from technology product reviews to forum of Islamic jihad. Such invasion is as accurate as surgery and it can accomplish that only the certain target get infected. In one of the invasion example, the PHP script is especially avoid infecting IP in Jordan, Turkey and Egypt.

PHP Invasion Code

Shadow Brokers Claims to Reveal More Things about NSA

Hacker organization Shadow Brokers claims on social media Steemit on 16th that they will provide more data about NSA hacker tool and hacker data from the coming June on. However, the data will be revealed in newsletter only to paid subscribers. Those hacker tools include websites explorer, router, tools exploiting cellphone security vulnerability and Windows 10 vulnerability; hacker data include cyber data NSA theft by invading SWIFT (Society for Worldwide Interbank Financial Telecommunication) & the central bank systems of some countries, and, cyber data theft by invading nuclear & missile systems of Russia, Iran, North Korea, etc. countries.

The Shadow Broker NSA Hacking Tools

Back to Current RansomWare WannaCry

After learning something about NSA and its cyber weapons, you may worry about more ransomware, virus, evil software, spyware etc. in the future. Then, when it comes into being, what can we do? Yet, on the current situation, while WannaCry is spreading out quickly, what can we do?

Personally, you should pay more attention to your crucial data. Concluding from the past, any cyber-attack is aiming at data. If you keep complete protection to your important data, you won’t worry about them anymore! To give your data an overall protection, the traditional but safest way is to make a backup of them to another safer place, maybe external hard disks, USB flash drives, cloud storages, etc. then, disconnect the external storage and keep it in safe place.

Data Backup Software

To back up your important data, you first need a professional and safe data backup software like AOMEI Backupper Free (especially for ransomware WannaCry). Then, create backups under the guidance. Finally, raise a good habit of backing up personal data regularly in case of unexpected accidents.