Shadow Brokers are back after WannaCry case, it plans to offer data dump on monthly subscription model

Pierluigi Paganini May 17, 2017

Shadow Brokers made the headlines once again, the notorious group plans to offer data dump on a monthly subscription model.

The notorious Shadow Brokers hacking group made the headlines during the weekend when systems worldwide were compromised by the WannaCry ransomware because the thread leveraged the EternalBlue exploit and DoublePulsar backdoor developed by the NSA.

Both tools were included in the huge trove of documents and exploits dumped by the Shadow Brokers last month after a failed attempt to auction off them.

The vulnerability exploited by the tools was fixed by Microsoft on March, but the company took the unusual decision of releasing patches for unsupported versions of its operating systems including Windows XP and Windows Server 2003.

Shadow Brokers decided to go out with a long message to netizens, the group criticized the US government and IT giants for the way have managed the exploits months before their public release.

Shadow Brokers

It references its posting of screenshots of Windows exploits from its haul, a development it credits for Microsoft’s release of an SMB (Server Message Block) patch in March, before attempting to justify its release of tools a month later in April, warning there was a lot more where that came from.

“In April, 90 days from the Equation Group show and tell, 30 days from Microsoft patch, theshadowbrokers dumps old Linux (auction file) and windows ops disks. Because why not? TheShadowBrokers is having many more where coming from? “75% of U.S. cyber arsenal” TheShadowBrokers dumped 2013 OddJob from ROCTOOLS and 2013 JEEPFLEAMARKET from /TARGETS.” states the Shadow Brokers’s message.

“In April, 90 days from theequationgroup show and tell, 30 days from Microsoft patch, theshadowbrokers dumps old Linux (auction file) and windows ops disks. Because why not? TheShadowBrokers is having many more where coming from? “75% of U.S. cyber arsenal”.TheShadowBrokers dumped 2013 OddJob from ROCTOOLS and 2013 JEEPFLEAMARKET from /TARGETS. This is theshadowbrokers way of telling theequationgroup “all your bases are belong to us”. TheShadowBrokers is not being interested in stealing grandmothers’ retirement money. This is always being about theshadowbrokers vs theequationgroup.”

According to the Shadow Brokers, the NSA-linked EquationGroup has clearly infiltrated tech giants, including Microsoft. The hacking group says it plans to sell off new exploits every month from June onwards. Windows 10, web browser and router exploits along with “compromised network data from more SWIFT providers and Central banks” are among the items that might be offered through the “dump of the month” service.

The hacking crews announce it plans to sell off new exploits every month starting from June, a data dump based on a monthly subscription model.

The group claims to have exploit codes for almost any technology available on the market, including “compromised network data from more SWIFT providers and Central banks.”

TheShadowBrokers Monthly Data Dump could be being:

  • web browser, router, handset exploits and tools
  • select items from newer Ops Disks, including newer exploits for Windows 10
  • compromised network data from more SWIFT providers and Central banks
  • compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs

“In June, TheShadowBrokers is announcing “TheShadowBrokers Data Dump of the Month” service. TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members.” continues the group’s message.

Experts believe the Shadow Brokers team would shut down operations permanently and is looking for a “responsible party is buying all lost data before it is being sold.”

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – WannaCry ransomware, cybercrime)

[adrotate banner=”13″]



you might also like

leave a comment