Security Experts:

Connect with us

Hi, what are you looking for?



‘Shadow Brokers’ Threaten to Dox Former NSA Hacker

The Shadow Brokers has sent out its first round of exploits and data as part of a recently announced monthly subscription service, and the group claims it has a significant number of subscribers.

The Shadow Brokers has sent out its first round of exploits and data as part of a recently announced monthly subscription service, and the group claims it has a significant number of subscribers.

The hackers, who claim to possess exploits and secret documents stolen from the U.S. National Security Agency (NSA), particularly the Equation Group actor linked to the agency, announced last month that anyone could obtain parts of the data for a monthly fee of 100 Zcash (ZEC), which at the time was worth roughly $20,000.

The group announced on Wednesday its data dump for the month of June and said that they had “many many subscribers.” As a result, individuals and organizations that want next month’s files will have to pay double – 200 ZEC or 1,000 XMR (Monero).

The Shadow Brokers also announced that following requests from several individuals, they have decided to launch a so-called “VIP Service.” Those who want the group’s attention – to learn if they have exploits for specific vulnerabilities or intel on a certain organization – have to make a one-time payment of 400 ZEC, which is currently worth roughly 130,000. The hackers claim someone has already signed up for the VIP service.

A significant part of the statement published on Wednesday by the Shadow Brokers is a message to an individual the hackers call “doctor.” This person, who they claim to have met on Twitter, sent the hackers some “ugly tweets” and later deleted them.

The hackers did some digging and they discovered that the “doctor” is a former member of the Equation Group and they believe he is responsible for building many tools and hacking organizations in China. They also claim that this individual is the co-founder of a new security company.

The Shadow Group told “doctor” that if he doesn’t sign up for their next monthly dump, they will dox him (i.e. expose his real identity).

“TheShadowBrokers is thinking this outcome may be having negative financial impact on new security companies international sales, so hoping ‘doctor’ person and security company is making smart choice and subscribe. But is being ‘doctor’ person’s choice. Is not being smart choice to be making ugly tweets with enough personal information to DOX self AND being former equation group AND being co-founder of security company,” the Shadow Brokers said.

While many of the exploits leaked in the past months by the Shadow Brokers had little value, the recent WannaCry ransomware attacks demonstrated that the group’s leaks can lead to significant damage. The hackers’ requests for money were largely ignored until the WannaCry outbreak, but these attacks have made many realize that the group’s exploits can be highly valuable.

Some members of the infosec community decided to launch a crowdfunding initiative to acquire Shadow Brokers exploits via the monthly dump service in an effort to help prevent a future WannaCry-like incident, but they ultimately decided to cancel the project due to legal concerns.

UPDATE. The “doctor” the Shadow Brokers are targeting appears to be the owner of the Twitter account @drwolfff. Before the hackers could leak the information they allegedly have on him, the owner of the account revealed himself to be Daniel R. Wolfford. He claims to reside in the United Arab Emirates, he has no connection to the Equation Group, and is not the co-founder of a cybersecurity startup.

Related: “Shadow Brokers” Data Obtained From Insider: Flashpoint

Related: Shadow Brokers Release More NSA Exploits

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.