ShadowBrokers exits releasing another arsenal of tools to hack Windows

The ShadowBrokers hacking group that broke into the NSA arsenal and stole its hacking tools is signing off, leaving a gift to the security community.

The mysterious hacking group calling themselves “The Shadow Brokers” has apparently decided to put an end to their failed attempts to sell exploits and hacking tools they claimed to have stolen from the NSA-linked Equation Group.

A few days ago the notorious hacker group Shadow Brokers announced the sale of an archive of Windows exploits and hacking tools stolen from the NSA-linked Equation Group.

The ShadowBrokers is the hacker crew that leaked a portion of the arsenal of the NSA-linked Equation Group, a database containing hacking tools and exploits.

In October 2016, the hackers leaked a dump containing a list of servers that were hacked by the NSA-linked group known as Equation Group.

The Equation Group compromised these targets using the hacking tools codenamed INTONATION and PITCHIMPAIR. The ShadowBrokers provided links to two distinct PGP-encrypted archives: the first one was offered for free as proof of the hack (its passphrase was ‘auctioned’), while for the second one the group requested 1 million BTC.

The first archive contained roughly 300 MB of data, including firewall exploits, hacking tools, and scripts with cryptonyms like BANANAUSURPER, BLATSTING, and BUZZDIRECTION.

The Equation Group’s hackers targeted products made by Cisco, Fortigate, Juniper, TOPSEC, and Watchguard.

In early October, TheShadowBrokers complained that no one seemed to be bidding on their precious archive; an alleged member of the hacker group expressed his dissent over the lack of interest in ponying up bitcoins to release the full NSA data dump.

In December 2016, the group announced the launch of a crowdfunding campaign for the stolen arsenal because its auction received offers for less than two bitcoins.

In December 2016, they changed the sales model, offering the NSA’s hacking arsenal for direct sale on an underground website.

Now the group has decided to exit the scene. According to the message published on the website it used for direct sales of the hacking tools, the hackers will go dark because continuing their activities is too risky.

The group explained that their main goal was the sale of the stolen hacking tools and exploits, but no one has bought them.

The Shadow Brokers crew published a Bitcoin address, explaining that they would return if someone pays 10,000 Bitcoins for the exploits. The offer will be valid forever.

Before leaving the cyber arena, the group decided to release some gifts, a collection of 58 Windows hacking tools. These tools are able to avoid detection by security solutions. If you are interested in downloading the precious archive, visit the group’s website on ZeroNet:

https://onlyzero.net/theshadowbrokers.bit

Pierluigi Paganini

(Security Affairs – The Equation Group, ShadowBrokers)