Shadow Brokers spew Windows hack tools after exploit auction flop

Security exploit peddlers Shadow Brokers announced their retirement on Thursday – and released 58 tools for hacking Windows PCs for free by way of a parting gift.

The shady group is essentially giving up, and shoving malicious code – most of which is detected by Kaspersky and a few other antivirus makers – into the hands of as many miscreants and researchers as possible. The tools can be used to hijack and remotely control vulnerable Windows systems.

The group is best known for running pretty much unsuccessful auctions of exploits and vulnerabilities sourced from the Equation Group – a collection of elite NSA hackers. Documents leaked by intelligence whistleblower Edward Snowden provide firm evidence that hacking tools previously leaked by the Shadow Brokers included malware and exploits that began life at the spying agency.

Shadow Brokers posted a finale - with tools already detected by Kaspersky. What an exciting time to be in #CTI!https://t.co/CYbHMtw5Ey

— Jake Williams (@MalwareJake) January 12, 2017

In its parting note, the brokers said their operation was always about the money and that they would only come out of retirement if their “fans” filled its coffers with 10,000 BTC ($7.9m). Although it’s departing the scene, at least for now, the gang is allowing a sale of Windows hacking tools it opened earlier this week to run on uninterrupted.

Would-be buyers can purchase the entire database of hacking tools that The Equation Group used for 750 BTC ($591K). A good rundown of what’s in the farewell dump, and wider context of Shadow Brokers’ latest shenanigans, can be found in a blog post by Danish security outfit Heimdal Security, here. ®