Connect with us

Hi, what are you looking for?



Shadow Brokers Release Tool Used by NSA to Hack PCs

The hacker group calling itself Shadow Brokers continues to release tools and exploits allegedly stolen from the U.S. National Security Agency (NSA), including a sophisticated espionage platform that can be used to take full control of targeted computers.

The hacker group calling itself Shadow Brokers continues to release tools and exploits allegedly stolen from the U.S. National Security Agency (NSA), including a sophisticated espionage platform that can be used to take full control of targeted computers.

In the past year, Shadow Brokers has apparently tried to make a significant amount of money by offering to sell various tools and exploits used by the Equation Group, a cyber espionage actor linked by researchers to the NSA.

After several failed attempts, the Shadow Brokers’ latest offer involves monthly leaks for which interested parties have to pay a fee ranging between 100 Zcash (roughly $24,000) and 16,000 Zcash (roughly $3.8 million) — older dumps can be acquired for a few hundred Zcash while the price of future dumps will increase exponentially. An analysis of their cryptocurrency addresses showed that the hackers have made at least tens of thousands of dollars from the monthly dump service.

With the September release, announced on Wednesday, Shadow Brokers informed interested entities that they will offer two dumps every month, and that Monero digital currency is no longer accepted.

While the content of each leak is not disclosed, one of the files made available for free this month, a user manual, suggests that last month’s dump included an NSA tool known as UNITEDRAKE.

UNITEDRAKE is a modular platform that allows users to take complete control of a Windows machine. It was one of the tools mentioned by The Intercept in 2014 when it started releasing files from NSA whistleblower Edward Snowden.

The tool was also detailed in February 2015 by Kaspersky Lab in the first report to link tools detailed in Snowden documents to a cyberespionage group, namely the Equation Group.

Kaspersky tracked UNITEDRAKE as EquationDrug, whose successor was GrayFish. The security firm said EquationDrug and GrayFish were used between 2003 and 2014, and described them as the most sophisticated espionage platforms used by the Equation Group.

Advertisement. Scroll to continue reading.

Some pointed out that screenshots included in the UNITEDRAKE manual appear to show that the NSA had used McAfee antivirus based on the presence of the McAfee agent icon in the taskbar. However, it’s worth pointing out that, for several years, a limited version of the McAfee antivirus was installed alongside Adobe Flash Player if users neglected to untick a box during installation.

The Shadow Brokers claim this month’s dump contains exploits, but experts doubt too many people are willing to pay the increasingly significant amounts of money, especially since at least one previous subscriber complained that they only received a worthless tool after paying tens of thousands of dollars.

A group of researchers did try to launch a crowdfunding initiative back in May in an effort to raise money for the monthly dumps, but they ended up canceling the project due to legal reasons.

Related: ‘Shadow Brokers’ Threaten to Dox Former NSA Hacker

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.