Published: Sat, May 20, 2017
Hi-Tech | By Ellis Neal

'Shadow Brokers' threaten to release more hacking tools in June

The group also mentions "The Equation Group", which is supposed to be a hacking group linked to the NSA.

RiskSense has been tracking the Shadow Brokers since last August, when the group released a zero-day exploit, "Extra Bacon", for Cisco ASA firewalls that potentially allowed attackers to access internal networks.

That exploit is ETERNALBLUE, a supposed hacking tool developed by the Equation Group, a codename usually given to NSA cyber-operations. Shadow Brokers offered some of their wares at auction. They released the NSA's hacking tools, which was the main reason behind those attacks. Nobody believed Shadow Brokers.

And now the Shadow Brokers are back with yet another missive. "But I can not defend an agency having powerful tools if it can not protect the tools and keep them in its own hands", he said.

"A. Sale is buy or no buy, no bad things happen if no buy".

Yesterday I was interviewed by NPR about the Shadow Brokers and their relationship to WannaCry. Even then, there were no takers.

In a convoluted post on and shared on the mysterious group's Twitter account, Shadow Brokers says it has more exploits and attack tools in its possession. "And if not, Microsoft knew the vulnerability was remotely exploitable and worm-able, so in an abundance of caution, they had it at the ready in case something happened - it did".

Apparently, Shadow Brokers have already tried to sell information to several multinational companies, countries, and worldwide organizations, including the North Atlantic Treaty Organization, the UN, Microsoft, Apple, and Google, but none of them was interested in that kind of purchase. Although iOS is responsive and quickly patches vulnerabilities, most Android devices are woefully insecure.

Even the April release of NSA exploits is not close to exhausted, according to several cyberspecialists.

Shadow Brokers claim they are not "interested in stealing grandmothers' retirement money", but rather this whole fight is about them vs theequationgroup. "This is clearly not what is expected from the market leader that is responsible for 90% of the operating systems in the world". Currently, that amount is worth $1.76 billion. Although zero-days on web browsers are a threat, the current patch ecosystem for browsers quickly turns discovered zero-days into non-issues. Was that a coincidence?

At this point the post trails off into a diatribe about Brad Smith, Microsoft's head lawyer, before picking up again. WannaCry is very unusual for crimeware.

Part of their statement is effectively a disclaimer of responsibility for WannaCry.

That risk appears to extend beyond the massive WannaCry ransomware threat as well. He has written an extensive side-by-side comparison of code from WannaCry and known code from the Lazarus Group (the shadowy group behind the 2014 attack on Sony Pictures and the $81 million heist at Bangladesh Bank) and concludes that there's a strong, if coincidental, link between WannaCry and North Korea.

In a post on their blog, the hackers announced that they would be launching a monthly data dump service, comparing it to a "wine of the month club" for hackers. It adds, "Each month peoples can be paying membership fee, then getting members only data dump each month". What members do with it after the dump is up to them.

The Shadow Brokers allegedly hacked the NSA's Equation Group to steal EternalBlue, along with other tools, and tried to auction it.
