Shadow Brokers' NSA dirty tricks spill points to compromised servers in China and Russia
NSA also partial to exploiting zero-day security flaws in Sun Solaris, Shadow Brokers' leak indicates
Shadow Brokers, the hacking group that claims to have uncovered a trove of US National Security Agency linked malware and exploits, has released more information pointing to the NSA's use of compromised servers in Russia and China for conducting covert operations online.
The data dump, via Mega and Yadi, features a list of servers compromised by the NSA. In addition to servers dotted around former Communist states, the group implies that compromised servers at Bundeswehr University in Munich and universities in Rostock, Gießen and Erlangen were also used by the NSA.
In addition, many of the servers, rather than running Windows or Linux, appear to be running Solaris, the Unix derivative developed by Sun Microsystems and now maintained by software giant Oracle, which acquired Sun in 2010.
The documents indicate that the servers were compromised over a period of about a decade, between 2001 and 2010, and are currently barely used.
The group signed the latest data dump with the same key that they used with their first stash of NSA exploits back in August.
The authenticity of the Shadow Brokers group and the links between the malware and the NSA were tentatively confirmed by security software company Kaspersky, while NSA whistleblower Edward Snowden suggested that it was a coded warning from Russia to the US to back off or risk embarrassment.
However, security experts have been quick to point out that the list of compromised servers already looks out of date.
Security architect Kevin Beaumont, for example, suggested Shadow Brokers were more interested in publicity. "The list of servers is nine years old, likely no longer exist or reinstalled," he tweeted.
Others suggested that, with the NSA likely using servers all over the world, attributing nation-state attacks is an almost impossible task.