We already know that Shadow Brokers, the group that stole 300 MB of data including firewall exploits, tools and implants of Equation Group, could not sell the stolen data via auction. The group received a lukewarm response from bidders when the data was put online for auction in August. It must be noted that Equation Group is affiliated with the National Security Agency (NSA).
Shadow Brokers tried to sell the stolen data via an all-pay auction, but the effort failed because they could only raise two Bitcoins. In October, they tried to raise 10,000 Bitcoins, equal to around $7.8 million, through crowdfunding by selling the second batch of files, which included information like vulnerabilities, RATs, exploits, data collection tools and persistence methods. However, this scheme was not successful either.
Now, according to a post on Medium, Shadow Brokers have come up with a new strategy to make some money from the stolen data by selling it directly through a new website. The group is now selling the stolen exploits for 1,000 Bitcoins, which is about $780,000. Shadow Brokers have released a batch of files, stating that the IPs mentioned in the files did correspond to Equation Group machines.
Reportedly, the leaked files targeted a large number of devices manufactured by renowned brands including TOPSEC, WatchGuard, Fortinet, Juniper Networks and Cisco. The files seem to be associated with an NSA-linked actor.
The platform being used by the Shadow Brokers is called ZeroNet, which is used for hosting websites using blockchain and BitTorrent technology. The hacker group is trying to create a site to sell the stolen exploits, priced at 1,000 Bitcoins for the whole data set and between 1 and 100 Bitcoins per individual exploit.
The group has also sorted the data this time around, placing it in categories such as Trojan, Implant and Exploit. Interested visitors would get screenshots of the files they intend to buy.
One of the available files is signed with a PGP key; its fingerprint matches the fingerprint of the original dump. Interested parties need to email a member of the group, who will then send the Bitcoin payment address. Once the payment is made, Shadow Brokers will send a link to the required file along with the decryption key.