Shadow Brokers is a new group of black-hat hackers that has been making headlines lately for posting about vulnerabilities and exposing exploits in public. They became famous when they stole and sold “powerful” spying tools developed by the NSA (National Security Agency) and suspected of being used by another notorious group known as The Equation Group.
In August 2016, Shadow Brokers managed to steal hacking tools from the NSA and sold them for a meager sum of 1000 Bitcoins after a failed attempt to auction them. Now the group has announced a scheme in which they aim to target Windows-based systems. According to Heimdal Security researchers, Shadow Brokers are now trying to sell a new set of hacking tools that can exploit Windows-based systems.
The latest sale was announced by the group on Twitter and on their new website. The group mentioned that they will sell the entire database of Windows-based hacking tools that they have stolen from The Equation Group. The price set for these hacking tools is 750 Bitcoins ($606,000). They also provided information on various tools that can let any attacker remotely control Windows systems after enrolling them into a central botnet.
— theshadowbrokers (@shadowbrokerss) January 8, 2017
The researchers also identified a remote administration tool (RAT) known as DanderSpritz that is being sold by Shadow Brokers. A search showed that DanderSpritz has been mentioned in several documents leaked by Edward Snowden.
Remember, a Kaspersky researcher once stated that Equation Group is “the most advanced … we have seen”, so tools stolen from them do matter.
For more technical details check out Heimdal Security’s blog post on these hacking tools.