Russia-linked hacking group The Shadow Brokers has warned of a new release of exploits next month, in an update which will likely cause sweaty palms at the NSA.
In a new missive written as usual in comically bad English, the group claimed to have possession of “75% of U.S. cyber arsenal” stolen from the NSA-linked Equation Group.
After a long ramble about WannaCry and Microsoft, in which it blamed North Korea for the global attack, the group said that next month it would announce "TheShadowBrokers Data Dump of the Month."
“TheShadowBrokers is launching new monthly subscription model,” it explained. “Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members.”
This data dump could include exploits and tools for browsers, handsets and routers; new exploits for Windows 10; “compromised network data from more Swift providers and central banks”; and network data stolen from Russian, Chinese, Iranian or North Korean missile/nuclear programs.
Given the strong links between the Kremlin and the Shadow Brokers, the latter claim may simply be a hoax, designed to keep observers guessing as to the group’s origins.
NSA whistleblower Edward Snowden claimed back in August 2016 that “circumstantial evidence and conventional wisdom” point to Moscow as the force behind the Shadow Brokers.
Given that the group has come good on most of its threats previously, this latest warning is likely to cause more than a little concern at NSA HQ.
Anonymous insiders claimed earlier this week that the spy agency had been forced to warn Microsoft about EternalBlue, a Windows exploit the agency had developed, after it was stolen by the Shadow Brokers.
Although Microsoft then produced a patch for the critical SMB vulnerability it exploited, the recent WannaCry ransomware epidemic – which used the same exploit – still caused widespread damage worldwide.
If similar tools are set to be released by the Shadow Brokers from next month, the agency will have to decide pretty quickly – if it hasn’t already – whether to inform the relevant software makers.