ShadowBrokers exits releasing another arsenal of tools to hack Windows

Pierluigi Paganini January 13, 2017

The ShadowBrokers hacking group that broke into the NSA arsenal and stole its hacking tools is signing off, leaving a gift to the security community.

The mysterious hacking group calling themselves “The Shadow Brokers” has apparently decided to put an end to their failed attempts to sell exploits and hacking tools they claimed to have stolen from the NSA-linked Equation Group.

A few days ago the notorious hacker group Shadow Brokers announced the sale of an archive of  Windows exploits and hacking tools stolen from the NSA-linked Equation group.


The ShadowBrokers is the hacker crew that leaked a portion of the arsenal of the NSA-Linked Equation Group, a database containing hacking tools and exploits.

In October 2016,  the hackers leaked a dump containing a list of servers that were hacked by the NSA-linked group known as Equation Group.

The Equation group compromised these targets using the hacking tools codenamed as INTONATION and PITCHIMPAIR. The ShadowBrokers provided the links to two distinct PGP-encrypted archives, the first one offered for free as a proof of the hack (its passphrase was ‘auctioned’), for the second one the group requested 1 million BTC .

The first archive was containing roughly 300MBs of data, including firewall exploits, hacking tools, and scripts with cryptonyms like BANANAUSURPER, BLATSTING, and BUZZDIRECTION.

The Equation Group ‘s hackers targeted products made by Cisco, Fortigate, Juniper, TOPSEC, and Watchguard.

Early October, TheShadowBrokers complained that no one seems to be bidding on their precious archive, an alleged member of the hacker group expressed his dissent on the lack of interest in ponying up bitcoins to release the full NSA data dump.

In December 2016, the group announced the launch of a crowdfunding campaign for the stolen arsenal because its auction received offers for less than two bitcoins.

In December 2016, when they changed the model of sale offering the NSA’s hacking arsenal for direct sale on an underground website.

Now the group has decided to exit from the scene, according to the message published on the website it used for direct sales of the hacker tools, the hackers will go in the dark because continuing their activities is too risky.

The group explained that their main target was the sale of the stolen hacking tools and exploits, but no one has brought them.

Shadow Brokers crew published a Bitcoin address explaining that they would return in the case someone will pay 10,000 Bitcoins for the exploits. The offer will be valid forever.

Before leaving the cyber arena, the group decided to release some gifts, a collection of 58 Windows hacking tools. These tools are able to avoid detection of security solutions. If you are interested in downloading the precious archive visit the group’s website on ZeroNet:

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs –  The Equation Group, ShadowBrokers)

you might also like

leave a comment