The Shadow Brokers hacker group keeps offering tools and exploits which they steal from the U.S. National Security Agency (NSA). Among these is a special espionage platform that can be used for gaining full control of PCs.
Last year, the Shadow Brokers group tried to make lots of money by selling different types of tools and exploits used by the cyber espionage actor Equation Group, which the experts linked to the NSA.
Several attempts failed, however, Shadow Brokers did not give up. The group’s latest offer features monthly leaks for which the interested parties should pay a fee ranging between 100 Zcash (approx. $24,000) and 16,000 Zcash (approx. $3.8 million). The older dumps can be received for a few hundred Zcash, while the price of future dumps increases exponentially.
According to the analysis of their cryptocurrency addresses, the attackers have made more than tens of thousands of dollars from the monthly dump service.
In their September release, the Shadow Brokers group informed the interested entities that they will offer two dumps every month and will not accept Monero digital currency anymore.
While the content of each leak is not disclosed, one of the files made available for free this month, a user manual, suggests that last month’s dump included an NSA tool known as UNITEDRAKE.
UNITEDRAKE is a modular platform which lets users gain full control of a Windows computer. In 2014, this tool was mentioned by The Intercept when it started releasing files from the NSA whistleblower Edward Snowden.
In February 2015, the tool was described by Kaspersky Lab in the first report to link tools detailed in Snowden documents to the Equation Group cyberespionage group.
UNITEDRAKE was tracked as EquationDrug, whose successor was GrayFish. According Kasperky Lab, EquationDrug and GrayFish were used between 2003 and 2014.