The group calling itself “The Shadow Brokers” has changed tactics and announced the launch of a crowdfunding campaign for the exploits allegedly stolen from the NSA-linked threat actor known as the Equation Group.
In mid-August, The Shadow Brokers leaked 300 Mb of firewall exploits, implants and tools, claiming that the files had been obtained from the Equation Group. The hackers launched an all-pay auction in hopes of making a serious profit for a second batch of files that allegedly includes exploits, vulnerabilities, RATs, persistence mechanisms and data collection tools.
However, since the auction only raised less than two bitcoins, the group has decided to try a different approach: crowdfunding. They have insisted that their only goal is to get paid for the exploits.
“TheShadowBrokers is not being interested in fame. TheShadowBrokers is selling to be making money and you peoples is never hearing from TheShadowBrokers again!,” the group said. “TheShadowBrokers is being disappointed peoples no seeing novelty of auction solution. Auction is design for to make benefit TheShadowBrokers.”
The first statement published by the hackers led many to believe that they had been demanding one million bitcoins for the second batch of files, but the group later clarified that their demands were misunderstood.
They claimed the second batch was up for auction and that the one million bitcoins were actually related to a “consolation prize.” Since only the winner of the auction would get the files, the hackers were prepared to leak more information for free if they raised one million bitcoins.
The new crowdfunding campaign aims to raise 10,000 bitcoins (roughly $6.4 million), but based on the amount contributed so far, this initiative doesn’t appear to be more successful than the auction.
“TheShadowBrokers is publicly posting the password when receive 10,000 btc (ten thousand bitcoins),” the hackers said. “Sharing risk. Sharing reward. Everyone winning.”
Experts confirmed that the first files published by Shadow Brokers were genuine and Cisco even discovered zero-day exploits in the leak.
There are several theories on who is behind Shadow Brokers. Some believe it’s the work of the Russian government, while others suggested that it could be an NSA insider. Some speculated that the files might have been inadvertently exposed on a server, allowing anyone to grab them.
Related: Over 840,000 Cisco Devices Affected by NSA-Linked Flaw
Related: Cisco Finds New Zero-Day Linked to “Shadow Brokers” Exploit

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- Thousands Access Fake DDoS-for-Hire Websites Set Up by UK Police
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
Latest News
- Mandiant Catches Another North Korean Gov Hacker Group
- Microsoft Puts ChatGPT to Work on Automating Cybersecurity
- Video: How to Build Resilience Against Emerging Cyber Threats
- Nigerian BEC Scammer Sentenced to Prison in US
- China’s Nuclear Energy Sector Targeted in Cyberespionage Campaign
- SecurityScorecard Guarantees Accuracy of Its Security Ratings
- ChatGPT Data Breach Confirmed as Security Firm Warns of Vulnerable Component Exploitation
- 14 Million Records Stolen in Data Breach at Latitude Financial Services
