The infamous Shadow Brokers hacking crew, central players in the release of the vulnerability that led to last week's WannaCrypt chaos, have returned online with a threat to release more exploits.
WannaCrypt used the EternalBlue exploit and DoublePulsar backdoor developed by the NSA. These tools were dumped by the Shadow Brokers last month after a failed attempt to auction off the exploits.
Microsoft patched the underlying vulnerability (MS17-010) in supported operating systems during the March edition of its regular Patch Tuesday updates. The WannaCrypt fallout prompted Redmond to take the highly unusual step of releasing patches for unsupported operating systems including Windows XP.
In a long post, the Shadow Brokers criticise government and IT industry firms for not snapping up the exploits when it had the chance, months before their release. It references its posting of screenshots of Windows exploits from its haul, a development it credits for Microsoft's release of an SMB (Server Message Block) patch in March, before attempting to justify its release of tools a month later in April, warning there was a lot more where that came from.
In April, 90 days from theequationgroup show and tell, 30 days from Microsoft patch, theshadowbrokers dumps old Linux (auction file) and windows ops disks. Because why not? TheShadowBrokers is having many more where coming from? "75% of U.S. cyber arsenal".
TheShadowBrokers dumped 2013 OddJob from ROCTOOLS and 2013 JEEPFLEAMARKET from /TARGETS. This is theshadowbrokers way of telling theequationgroup "all your bases are belong to us". TheShadowBrokers is not being interested in stealing grandmothers' retirement money. This is always being about theshadowbrokers vs theequationgroup.
The NSA's EquationGroup has spies inside Microsoft and other U.S. technology companies, the Shadow Brokers allege. The hacking group says it plans to sell off new exploits every month from June onwards. Windows 10, web browser and router exploits along with "compromised network data from more SWIFT providers and Central banks" are among the items that might be offered through the "dump of the month" service.
In June, TheShadowBrokers is announcing "TheShadowBrokers Data Dump of the Month" service. TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members.
The Shadow Brokers' motives are far from clear. The group said it would shut down operations permanently providing a "responsible party is buying all lost data before it is being sold", a comment seemingly addressed towards the NSA. ®