Shadow Brokers
Description
Breached a server where zero-days accumulated by Equation Group were held, leaked a large section on the internet and tried to sell the rest afterward. Most of the published vulnerabilities have since been fixed by the respective vendors, but many have been used by other threat actors. Most notably among the dumps were zero-days such as ETERNALBLUE that were used for the creation of infamous ransomware explosions such as WannaCry and NotPetya.
Shadow Brokers turned out to be an ex-NSA contractor.
Names
| Name | Name-Giver |
|---|---|
| Shadow Brokers | self given |
Country
Motivation
- Financial gain
First Seen
2016
Operations
- 2016-08: Initial public dump https://musalbas.com/blog/2016/08/16/equation-group-firewall-operations-catalogue.html
- 2016-10: ‘Shadow Brokers’ Whine That Nobody Is Buying Their Hacked NSA Files https://www.vice.com/en_us/article/53djj3/shadow-brokers-whine-that-nobody-is-buying-their-hacked-nsa-files
- 2016-10: Second Shadow Brokers dump released https://www.scmagazineuk.com/second-shadow-brokers-dump-released/article/1476023
- 2017-03: In March 2017, the ShadowBrokers published a chunk of stolen data that included two frameworks: DanderSpritz and FuzzBunch. https://securelist.com/darkpulsar/88199/
- 2017-04: Shadow Brokers leaks show U.S. spies successfully hacked Russian, Iranian targets https://www.cyberscoop.com/nsa-shadow-brokers-leaks-iran-russia-optimusprime-stoicsurgeon/
- 2017-04: New NSA leak may expose its bank spying, Windows exploits https://www.csoonline.com/article/3190055/new-nsa-leak-may-expose-its-bank-spying-windows-exploits.html
- 2017-04: ShadowBrokers Dump More Equation Group Hacks, Auction File Password https://threatpost.com/shadowbrokers-dump-more-equation-group-hacks-auction-file-password/124882/
- 2017-09: ShadowBrokers are back demanding nearly $4m and offering 2 dumps per month http://securityaffairs.co/wordpress/62770/hacking/shadowbrokers-return.html
- 2017-09: ShadowBrokers Release UNITEDRAKE Malware https://www.hackread.com/nsa-data-dump-shadowbrokers-expose-unitedrake-malware/
Counter Operations
- 2017-11: Who Was the NSA Contractor Arrested for Leaking the ‘Shadow Brokers’ Hacking Tools? https://blacklakesecurity.com/who-was-the-nsa-contractor-arrested-for-leaking-the-shadow-brokers-hacking-tools/
Information
Other Information
Uuid
4c7e8be4-5f97-4ca9-a4bd-eaa1709661c1
Last Card Change
2020-05-21