This morning, a new set of hacking tools was released by TheShadowBrokers group, revealing new techniques for hacking both Windows and certain financial networks.
Likely originating with the NSA, the tools give new clues as to the group’s targets in recent years, which seem to include both international anti-money-laundering groups and oil companies in the Persian Gulf region. Some of the hacking tools were flagged by antivirus services as early as 2012, but experts believe the dump contains at least some undisclosed vulnerabilities for older versions of Windows. The leak also contains new attacks against the SWIFT banking network, used to transfer money internationally.
The files are mirrored on GitHub here, and researchers are already poring over the findings in a dedicated #shadowbrokers channel on the Freenode IRC network. A full list of the implants is available here.
First emerging in August, the ShadowBrokers are believed to have stolen hacking tools from the NSA, with many analysts tracing the exploits to a compromised “listening post” used by the agency to launch attacks remotely. Less is known about the ShadowBrokers themselves, although some have speculated the group may have ties to Russia.
Like previous drops, the data was accompanied by an enigmatic message in purposefully broken English. “Is being too bad nobody deciding to be paying theshadowbrokers,” one portion reads. “TheShadowBrokers rather being getting drunk with McAfee on desert island with hot babes,” an apparent reference to eccentric anti-virus mogul John McAfee.
The drop comes just days after an earlier drop of Unix-focused exploits on April 8th. Those files were accompanied by a short blog post taking President Trump to task for launching military strikes in Syria, among other recent actions. “TheShadowBrokers voted for you,” the post read. “TheShadowBrokers supports you. TheShadowBrokers is losing faith in you.”