All That You Need to Know About NSA’s Equation Group!

First-Hand Details: TEG (The Equation Group) is NSA’s team of hackers who write code to exploit systems worldwide. Some of its private files were recently dropped by a group called Shadow Brokers & they’ve put them up for auction in exchange for BTC bids. I could trace back to the keys mentioned below, which were released the previous week by Snowden (if they’re linked at all; they’re just sitting here for reference):

Snowden Tweets about a key

Probable Agenda: Taking inputs from different sources to explain & focus the agenda, there are different versions of the primary agenda, as below:


  1. WikiLeaks’ intention to release the same files
  2. RT’s version of Cyber Weapon Disclosures
  3. Sputnik’s version of Malware Scandal by NSA
  4. Analysis suggests revisions of malware & resemblance to older versions

Shadowbroker & Equation Group are the same & the revisions?

Official Sources Timeline:

  1. The first official source, after WikiLeaks’ probable intent to disclose the same set of files: Edward Snowden comes up with a teensy bit of a diplomatic pressure statement.

Snowden tweets officially in connection with "The Equation Group's" files

Some Reported Analyses of the Released Files:

  1. Analysis by Risk Based Security of The Equation Group’s files
  2. Analysis by Matt Suiche, MVP – Microsoft via Medium

Solved Proof of Concept & Its Working State:

  1. XORCat’s EXBE (ExtraBacon) POC from the TEG files: The exploits appear to be targeting firewalls, particularly Cisco PIX/ASA, Juniper Netscreen, Fortigate, and more, as per the analyst.

Questions: The Equation Group (NSA) were hacked & it’s a wonder if they aren’t backdoored!? Of course we go through the code, but could anyone let us know if these files are genuine?

Also, what’s the use of the files, and what do they specifically target? These files originally landed at:

Now they are gone, the links they’ve provided are gone (except one, which is here) & the original copies might have already been backdoored (the later ones which might pop up). I read it’s related to Stuxnet (or more powerful; I know that Stuxnet targeted nuclear facilities), but now that they are gone, can anyone let us know the real intent of the files & the groups they’ve mentioned, as shown inline:

Equation Group Files

What does each of the sections specifically do? All inputs are appreciated & the links in this post will be updated one by one as the reason becomes clear.

Do you have more questions? Add them in the comment section below. I’ll try to link them up & compile them to match a pattern throughout.