The Shadow Brokers Return with More Elite NSA Cyberweapons

The Shadow Brokers are back with another cache of weapons lifted, they say, from the National Security Agency (NSA).

Best known for claiming to have stolen advanced cyberespionage tools developed by the NSA’s elite spy team and then attempting to auction them off, this group of black hats is credited with publishing exploits, vulnerabilities and hacking tools. In August 2016, they sold a partial batch of code supposedly stolen from the NSA-linked Equation Group for 1,000 bitcoins, but their efforts quickly descended into the realm of comedy as Dark Web denizens opted not to bid for the rest of the trove.

"TheShadowBrokers is not being interested in fame. TheShadowBrokers is selling to be making money," the hackers said in a plaintive-sounding note posted on the auction page back in October, two months after the auction opened. "Expert peoples is saying Equation Group Firewall Tool Kit worth $1 million. TheShadowBrokers is wanting that $1 million."

Unsurprisingly, this cri de coeur generated a lukewarm response, exacerbated by the fact that no guarantees or protections were offered to bidders around the sale.

But now they’re back, and trying to sell another batch of tools that allegedly come from the Equation Group—this time, it’s Windows-based hacking tools. Spotted by Heimdal Security, the group announced the sale on Twitter, using a few words and two screenshots.

“theShadowBrokers is having #WindowsWarez posted and now for sale,” the group tweeted.

The newly advertised website claims that, for a total price of 750 bitcoins (about $68,000 as of this writing), the buyer can purchase the entire database of hacking tools that The Equation Group uses to attack the Windows platform. The Shadow Brokers also provide a short description of the many different tools that can be used to compromise and remotely control Windows systems after they’ve been enrolled into a central botnet. The database also includes different types of exploits and other tools aimed at fuzzing Windows components.

On the list is a remote administration tool (RAT) named DanderSpritz. That tool actually also appears in several of the documents that Edward Snowden previously leaked, according to Heimdal Security researcher Andra Zaharia.

“While this sale could follow the path of the previous auction attempt by The Shadow Brokers, it could also mean that cyber-criminals have a new set of tools they can use to launch attacks from new and unexpected angles,” she warned, in a posting.
