After a lackluster attempt at selling NSA hacking tools, the Shadow Brokers have dumped them on the Internet for all
Infamous hacking outfit Shadow Brokers announced today plans to retire and go dark after failing once more to sell the bulk of their hacking tools. The group published a tweet today and an article on their website, hosted on the ZeroNet anonymous hosting service.
A case of capitalist turned altruist? Hmm, I think not. All hackers should really have someone with some business savvy on their team; it seems negotiation isn’t taught at hacker school.
In a farewell message posted Thursday morning, group members said they were deleting their accounts and making an exit after their offers to release their entire cache of NSA hacking tools in exchange for a whopping 10,000 bitcoins (currently valued at more than $8 million) were rebuffed. While they said they would still make good on the offer should the sum be transferred into their electronic wallet, they said there would be no more communications.
Malware experts are still analyzing the files, but early indications are that, as was the case with earlier Shadow Brokers dumps, they belonged to the Tailored Access Operations, the NSA’s elite hacking unit responsible for breaking into the computers and networks of US adversaries. And given evidence the files remained undetected by many of the world’s most widely used malware defenses, Thursday’s farewell message may have been little more than a parting insult, particularly if the group has origins in the Russian government, as members of the intelligence community have speculated.
Kaspersky Lab responded:
“At Kaspersky Lab, we have checked a copy of the archive from the latest Shadow Brokers post and performed a quick analysis. Most of the samples in the archive are EquationDrug plugins, GrayFish modules and EquationVector modules. These three are known malware platforms used by the Equation group, which we described in February 2015. From the list of 61 files provided, our products already detect 44 of them. We are updating our products to detect all further samples.