Shadow Brokers sent out first round of exploits and threaten to dox former NSA hacker

Pierluigi Paganini June 29, 2017

Shadow Brokers has sent out the first round of exploits to the subscribers of its service, the hackers also threaten to dox former NSA hacker.

In May the notorious Shadow Brokers group announced the launch of a monthly subscription model for its data dumps, 0-Day Exploit Subscriptions goes for $21,000 per month.

The group claimed to have exploit codes for almost any technology available on the market, including “compromised network data from more SWIFT providers and Central banks.”

TheShadowBrokers Monthly Data Dump could be being:

  • web browser, router, handset exploits and tools
  • select items from newer Ops Disks, including newer exploits for Windows 10
  • compromised network data from more SWIFT providers and Central banks
  • compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs

Now the Shadow Brokers has sent out its first round of exploits to the subscribers of its service, the hackers also claim to have many subscribers.

On Wednesday the group announced its June data dump and asked individuals and organizations that want next month’s archive for a double payment corresponding to 200 ZEC or 1,000 XMR (Monero).

The Shadow Brokers also announced the launch of a “VIP Service,” for subscribers that are interested in specific vulnerabilities or intel on a certain organization. The VIP Service goes for a one-time payment of 400 ZEC (roughly 130,000), and according to the hacker group, there are already members of this exclusive club.

“Another global cyber attack is fitting end for first month of theshadowbrokers dump service. There is much theshadowbrokers can be saying about this but what is point and having not already being said? So to business! Time is still being left to make subscribe and getting June dump. Don’t be let company fall victim to next cyber attack, maybe losing big bonus or maybe price on stock options be going down after attack. June dump service is being great success for theshadowbrokers, many many subscribers, so in July theshadowbrokers is raising price.” reads the statement published by the group.

“TheShadowBrokers July dump is 200 ZEC or 1000 XMR. Using same addresses as June same instructions.”

Shadow brokers tools

The ShadowBrokers sent a special message to someone that goes online with the moniker of the “doctor,” the hackers met him on Twitter and they believe he is a former member of the NSA-linked Equation Group.

“TheShadowBrokers is having special invitation message for “doctor” person theshadowbrokers is meeting on Twitter. “Doctor” person is writing ugly tweets to theshadowbrokers not unusual but “doctor” person is living in Hawaii and is sounding knowledgeable about theequationgroup. Then “doctor” person is deleting ugly tweets, maybe too much drinking and tweeting? Is very strange, so theshadowbrokers is doing some digging” states the message.

The Shadow Group threatening to dox the “doctor” if he doesn’t sign up for their next monthly dump.

“TheShadowBrokers is thinking this outcome may be having negative financial impact on new security companies international sales, so hoping ‘doctor’ person and security company is making smart choice and subscribe. But is being ‘doctor’ person’s choice. Is not being smart choice to be making ugly tweets with enough personal information to DOX self AND being former equation group AND being co-founder of security company,” the Shadow Brokers added.

The ShadowBrokers dumps are very interesting for IT security experts, a group of researchers evaluated the opportunity to launch a crowdfunding initiative aims to buy Shadow Brokers leak before threat actors will start using the hacking tools and exploits in the wild.

Ultimately, the group decided to cancel the project due to legal concerns.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – ShadowBrokers, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment