“Leaked documents describing another plugin, named ‘EventLogEdit,’ show it could be used to edit event logs, giving the attacker the ability to manipulate digital forensic evidence that would normally show anomalies after an intrusion, said Williams.
‘EventLogEdit’ was likely developed and deployed by a well resourced and technically gifted adversary, like an intelligence service, described Michael Zeberlein, director of intelligence analysis with Area 1 Security.”
Source: Shadow Brokers’ latest leak could have come from beyond NSA staging servers