Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

ICS/OT

Shadow Brokers “Retire” Awaiting Offer of 10,000 Bitcoins for Cache of Exploits

The mysterious hacking group calling themselves “The Shadow Brokers” has apparently decided to put an end to their failed attempts to sell exploits and hacking tools they claimed to have stolen from the NSA-linked Equation Group.

The mysterious hacking group calling themselves “The Shadow Brokers” has apparently decided to put an end to their failed attempts to sell exploits and hacking tools they claimed to have stolen from the NSA-linked Equation Group.

The news arrives only several days after the group put up for sale a series of Windows exploits and hacking tools, the first of the kind to have been associated with the stolen tools so far. The offering also included what appeared to be anti-virus bypass utilities.

Since August 2016, the group has been releasing firewall exploits, implants and other tools supposedly used by the Equation Group in their cyber-related activities. The initial batch of released exploits and implants was targeting firewalls from Fortinet, Chinese company TOPSEC, Cisco, Juniper Networks, WatchGuard and several unknown vendors.

Although the group released a second batch of exploits in October, they weren’t looking to make all of the stolen tools available for free, and soon decided to put them up for auction, but failed to reach the targeted goal of 10,000 Bitcoins. Next, they attempted a crowdfunding effort, but that failed as well.

The group then set up a website using the BitTorrent-powered ZeroNet peer to peer web platform, and put the available exploits and other tools up for direct sale, for a total of only 1,000 Bitcoins (around $800,000).

Now, the website the group used for direct sales is informing visitors that the Shadow Brokers have decided to go dark, because continuing their activity is too risky and brings few results. In fact, the group makes it clear that their main goal was to sell the stolen exploits for cash, and that the release of free tools was only a marketing move.

Since there are “no Bitcoins in free dumps and giveaways,” the Shadow Brokers are making an exit, but they leave a door open for those who might be interested in what they have to offer. The group posted a Bitcoin address, saying that they would return from hiding if they receive 10,000 Bitcoins. This offer, they say, has no expiration date.

Before making the exit, however, the group decided to release some more freebies, this time a series of 58 Windows hacking tools that Kaspersky’s anti-virus can detect. The batch is included in an archive available on the group’s website: https://onlyzero [.] net / theshadowbrokers.bit /.

Advertisement. Scroll to continue reading.
Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

ICS/OT

The overall effect of current global geopolitical conditions is that nation states have a greater incentive to target the ICS/OT of critical industries, while...

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

ICS/OT

Wago has patched critical vulnerabilities that can allow hackers to take complete control of its programmable logic controllers (PLCs).

Cybercrime

Energy giants Schneider Electric and Siemens Energy confirm being targeted by the Cl0p ransomware group in the campaign exploiting a MOVEit zero-day.

ICS/OT

Otorio has released a free tool that organizations can use to detect and address issues related to DCOM authentication.

ICS/OT

Mandiant's Chief analyst urges critical infrastructure defenders to work on finding and removing traces of Volt Typhoon, a Chinese government-backed hacking team caught in...

ICS/OT

Municipal Water Authority of Aliquippa in Pennsylvania confirms that hackers took control of a booster station, but says no risk to drinking water or...