Security Experts:

Connect with us

Hi, what are you looking for?



“Shadow Brokers” Wants 10,000 Bitcoins for NSA Exploits

The group calling itself “The Shadow Brokers” has changed tactics and announced the launch of a crowdfunding campaign for the exploits allegedly stolen from the NSA-linked threat actor known as the Equation Group.

The group calling itself “The Shadow Brokers” has changed tactics and announced the launch of a crowdfunding campaign for the exploits allegedly stolen from the NSA-linked threat actor known as the Equation Group.

In mid-August, The Shadow Brokers leaked 300 Mb of firewall exploits, implants and tools, claiming that the files had been obtained from the Equation Group. The hackers launched an all-pay auction in hopes of making a serious profit for a second batch of files that allegedly includes exploits, vulnerabilities, RATs, persistence mechanisms and data collection tools.

However, since the auction only raised less than two bitcoins, the group has decided to try a different approach: crowdfunding. They have insisted that their only goal is to get paid for the exploits.

“TheShadowBrokers is not being interested in fame. TheShadowBrokers is selling to be making money and you peoples is never hearing from TheShadowBrokers again!,” the group said. “TheShadowBrokers is being disappointed peoples no seeing novelty of auction solution. Auction is design for to make benefit TheShadowBrokers.”

The first statement published by the hackers led many to believe that they had been demanding one million bitcoins for the second batch of files, but the group later clarified that their demands were misunderstood.

They claimed the second batch was up for auction and that the one million bitcoins were actually related to a “consolation prize.” Since only the winner of the auction would get the files, the hackers were prepared to leak more information for free if they raised one million bitcoins.

The new crowdfunding campaign aims to raise 10,000 bitcoins (roughly $6.4 million), but based on the amount contributed so far, this initiative doesn’t appear to be more successful than the auction.

“TheShadowBrokers is publicly posting the password when receive 10,000 btc (ten thousand bitcoins),” the hackers said. “Sharing risk. Sharing reward. Everyone winning.”

Experts confirmed that the first files published by Shadow Brokers were genuine and Cisco even discovered zero-day exploits in the leak.

There are several theories on who is behind Shadow Brokers. Some believe it’s the work of the Russian government, while others suggested that it could be an NSA insider. Some speculated that the files might have been inadvertently exposed on a server, allowing anyone to grab them.

Related: Over 840,000 Cisco Devices Affected by NSA-Linked Flaw

Related: Cisco Finds New Zero-Day Linked to “Shadow Brokers” Exploit

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet


Iranian APT Moses Staff is leaking data stolen from Saudi Arabia government ministries under the recently created Abraham's Ax persona


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...


Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...


A newly identified threat actor tracked as NewsPenguin has been targeting military organizations in Pakistan with sophisticated malware.