ShadowBrokers offers for sale the stolen NSA Windows Hacking Tools

The ShadowBrokers is the hacker crew stolen the arsenal of the NSA-Linked Equation Group is offering for sale the stolen NSA Windows Hacking Tools.

The ShadowBrokers is the hacker crew that leaked a portion of the arsenal of the NSA-Linked Equation Group, a precious archive containing hacking tools and exploits.

At the end of October,  the hackers leaked a fresh dump containing a list of servers that were hacked by the NSA-linked group known as Equation Group.

The Equation group compromised these targets using the hacking tools codenamed as INTONATION and PITCHIMPAIR. The ShadowBrokers provided the links to two distinct PGP-encrypted archives, the first one offered for free as a proof of the hack (its passphrase was ‘auctioned’), for the second one the group requested 1 million BTC .

The first archive was containing roughly 300MBs of data, including firewall exploits, hacking tools, and scripts with cryptonyms like BANANAUSURPER, BLATSTING, and BUZZDIRECTION.

The security researchers Mustafa Al-Bassam published an interesting post that lists all the exploits, implants, and tools for hacking firewalls (“Firewall Operations”) included in the dump.

The Equation Group ‘s hackers targeted products made by Cisco, Fortigate, Juniper, TOPSEC, and Watchguard.

The majority of files are at least three years old, meanwhile, the newest timestamp dating to October 2013.

Early October, TheShadowBrokers complained that no one seems to be bidding on their precious archive, an alleged member of the hacker group expressed his dissent on the lack of interest in ponying up bitcoins to release the full NSA data dump.

Earlier December 2016, the group announced the launch of a crowdfunding campaign for the stolen arsenal because its auction received offers for less than two bitcoins.

We met Shadow Brokers last time in December 2016, when they changed the model of sale offering the NSA’s hacking arsenal for direct sale on an underground website.

The hacking group is back and now it is selling another package of hacking tools, “Equation Group Windows Warez.” The new archive includes a collection of Windows exploits and tools to evade detection of antivirus solutions.

The first malware, the Remote Administration Tool (RAT) “DanderSpritz,” was included in the collection of documents leaked by Edward Snowden.

The group posted a message on their website on the ZeroNet, announcing the sale of the entire “Windows Warez” archive for 750 Bitcoin (around US$678,630).

The data dump offered for sale contains several hacking tools grouped in the following categories:

• Fuzzing tools (used to discover errors and security loopholes)
• Exploit Framework
• Network Implants
• Remote Administration Tools (RAT)
• Remote Code Execution Exploits for IIS, RDP, RPC, SMB Protocols (Some Zero-Days)
• SMB BackDoor (Implant)

The malware researcher Jacob Williams published an analysis of the archive of “screenshots and output of the find command across the dump” provided by the ShadowBrokers.Williams started searching for info on the term “Psp_Avoidance” reported in one of the screenshots published by the group.