The digital world is riddled with threat actors of which we know very little. Some of these mysterious agents launch one or two modest attacks and peter out soon after crawling their way into existence. Others last a bit longer, raising a hubbub and gaining notoriety in the process.
Not a lot of actors make it into the latter category without the security community learning a lot about them. But it does happen from time to time. One such group has been around for several months, and it's still making headlines... though not for much longer.
Brokering in Frustration
In August 2016, the world first learned of the Shadow Brokers when it announced an auction of hacking tools. The threat actor claims it procured those tools from the Equation Group, a malicious entity which has engaged in computer network exploitation (CNE) around the world. Little is known about the Equation Group. But many in the security community speculate the hacking group conducts digital espionage at the behest of the National Security Agency (NSA).
Not surprisingly, Shadow Brokers raised a lot of eyebrows when it said it had hacked the NSA. But the proof was in the details. As reported by The Intercept, one of the leaked hacking tools contained a random 16-character string that the NSA uses to keep track of its CNE tools. This discovery helped prove the legitimacy of the data dump.
Notwithstanding their authenticity, the leaked hacking tools didn't generate as much interest as the group had been hoping for. Shadow Brokers originally set a desired bid amount of one million Bitcoin (approximately 560 million USD at the time) for the entire dump. When the auction raised only a fraction of a fraction of that amount, the threat actor said they would release the remaining files once they received 10,000 BTC in their Bitcoin wallet. In the meantime, the group decided to start selling off the tools piecemeal for amounts ranging from one Bitcoin to 100 BTC. It also released another batch of leaked files that contained details of IP addresses and compromised servers used by the Equation Group.
To learn more about the hacking tools included in the Shadow Brokers' inaugural data dump, please read Kaspersky Lab's analysis here.
A Leak of Windows Hacking Tools
It was a disappointing first run for the Shadow Brokers. But it's still certain it can make a profit from its hack of the Equation Group. That explains why the threat actor has ushered in 2018 with another sale.
This time, the Shadow Brokers is attempting to auction off a database of hacking tools developed by the Equation Group and designed solely for the Windows platform. The group is asking 750 Bitcoins (607,500 USD) for what it's calling "Window Warez." It's also willing to sell off the tools piecemeal for prices ranging in value from 10 Bitcoin to 250 Bitcoin.
Screenshots of the sale (as included in the threat actor's tweet) provide some insight into the advertised hacking wares. For example, it appears Shadow Brokers has in its possession a tool that's capable of editing and tampering with Windows event logs. Attackers could use this tool to prevent incident response teams from finding out what happened in the event of a breach or targeted attack.
Jacob Williams, founder of Rendition InfoSec, is well aware of the dangers posed by this type of tool. As he told Dark Reading:
"Knowing that some attackers evidently have the capability to edit event logs can be a game changer for an investigation. If Shadow Brokers release this code to the world (as they've done previously), it will undermine the reliability of event logs in forensic investigations."
Williams goes on to explain in a blog post that one of the offerings, called "PSP_Avoidance," is capable of evading detection by anti-virus solutions designed by Avast, Avira, Comodo, Dr. Web, Kaspersky, McAfee, Microsoft, Symantec, and others. In that sense, it jeopardizes the security of computer users everywhere.
The Sun Sets on Shadow Brokers
Shadow Brokers put up their Window Warez sale on 8 January 2018. But less than a week later, the threat actor announced it's time to say goodbye.
In a message posted to its website on 12 January, the group says it was always about the money and that it will be "going dark" until its Bitcoin wallet receives 10,000 BTC for the original leak.
Source: Heimdal Security
"So long, farewell peoples. TheShadowBrokers is going dark, making exit. Continuing is being much risk and bulls**t, not many bitcoins. TheShadowBrokers is deleting accounts and moving on so don't be attempting communications. Despite theories, it always being about bitcoins for TheShadowBrokers. Free dumps and bullshit political talk was being for marketing attention. There being no bitcoins in free dumps and giveaways. You are being disappointed? Nobody is being more disappointed than TheShadowBrokers. But TheShadowBrokers is leaving door open. You having TheShadowBrokers public bitcoin address 19BY2XCgbDe6WtTVbTyzM9eR3LYr6VitWK. TheShadowBrokers offer is still being good, no expiration. If TheShadowBrokers receiving 10,000 btc in bitcoin address then coming out of hiding and dumping password for Linux + Windows. [censorship added]"
Before it turns out the lights, the Shadow Brokers released an archive of 58 Windows hacking tools to the public that are detected by Kaspersky Lab products. Maybe they're hoping that leak will help them sell the Window Warez haul for 750 BTC and the original Equation Group dump for 10,000 BTC. Let's hope the threat actor never comes close to raising that amount and instead fades into oblivion.