Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

Shadow Brokers Promise More Exploits for Monthly Fee

The hacker group calling itself Shadow Brokers claims to possess even more exploits stolen from the NSA-linked Equation Group, and anyone can have them by paying a monthly “membership” fee.

The hacker group calling itself Shadow Brokers claims to possess even more exploits stolen from the NSA-linked Equation Group, and anyone can have them by paying a monthly “membership” fee.

The Shadow Brokers have been in the news over the past days after unknown threat actors leveraged two of the exploits they leaked to deliver WannaCry ransomware to hundreds of thousands of systems worldwide.

The attackers have used an exploit called EternalBlue, which leverages an SMB vulnerability in Windows, to distribute the ransomware without user interaction. Microsoft patched the flaw in March and over the weekend it made available fixes even for outdated versions of Windows.

Some people blamed Shadow Brokers for the devastating WannaCry attacks, arguing that the ransomware could not have spread so easily without the exploits they leaked. Others believe the existence of the vulnerability would have come to light at some point even without them leaking the exploit.

The Shadow Brokers insist that their main goal is to make money and to demonstrate that they are a “worthy opponent” of the Equation Group.

The hackers claimed Microsoft postponed its February security updates to address the EternalBlue and other Eternal exploits. However, they pointed out that they had waited for 30 days after Microsoft rolled out the fixes before releasing the exploits.

The WannaCry attacks led to Microsoft president and chief legal officer Brad Smith renewing his call for governments to stop stockpiling vulnerabilities and disclose them to affected vendors.

Shadow Brokers, however, claims the NSA and Microsoft are “BFFs,” with contracts of “millions or billions of USD each year.” Their other conspiracy theories include an agreement between the NSA and Microsoft over not patching vulnerabilities until they are publicly disclosed, and Microsoft fixing the recent SMB flaw in secret after the NSA lied about the exploits it had been using.

Advertisement. Scroll to continue reading.

Shadow Brokers claims to possess much more data and exploits, and in June the group plans on launching a subscription-based “service.”

According to the hackers, people willing to pay a monthly fee will receive exploits for browsers, routers, mobile devices, and Windows (including Windows 10). The offer also includes SWIFT network data and information on Russian, Chinese, Iranian and North Korean nuclear and missile programs.

Judging by the group’s previous offers to sell the data for thousands and even tens of thousands of bitcoins, the membership fee will likely not be small.

However, if someone offers to buy the remaining exploits and data from the Shadow Brokers, the group said it will go dark permanently as it will no longer have any financial incentive to continue taking risks.

In January, after failed attempts to make money via auctions, crowdfunding and direct sales, Shadow Brokers announced that it was retiring. With the renewed interest in the exploits it possesses, the group has apparently come up with yet another strategy for making a profit.

Related: “Shadow Brokers” Data Obtained From Insider

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this in-depth briefing on how to protect executives and the enterprises they lead from the growing convergence of digital, narrative, and physical attacks.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

Forcepoint has appointed Guy Shamilov as CISO, Bakshi Kohli as CTO and Naveen Palavalli as CPO and CMO.

Paul Calatayud has been named CISO of developer security posture management firm Archipelo.

Cyber readiness and response firm Sygnia has appointed Avi Golan as its new CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.