Shadow Brokers

Today, the Shadow Brokers have published a new message teasing new exploits for people who register for a new membership program the group has announced for next month, June 2017.

The announcement comes on the heels of a very virulent ransomware outbreak that has used one of the exploits previously leaked by the group.

That exploit is ETERNALBLUE, a supposed hacking tool developed by the Equation Group, a codenamed usually given to NSA cyber-operations. The Shadow Brokers leaked ETERNALBLUE in April 2017, as part of a larger data trove they started advertising in August 2016.

Shadow Brokers tease new exploits

Trying to capitalize on the success of the WannaCry ransomware, which used ETERNALBLUE for a self-spreading SMB worm, The Shadow Brokers are now announcing the "TheShadowBrokers Data Dump of the Month" service, a monthly subscription plan.

The group claims it will release new exploits through this new monthly membership program. According to the group, these are the types of exploits we can expect:

⎆ web browser exploits
⎆ router exploits
⎆ mobile handset exploits and tools
⎆ items from newer Ops Disks
⎆ exploits for Windows 10
⎆ compromised network data from more SWIFT providers and central banks
⎆ compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs

Based on previous announcements, there is no reason to doubt the group's claims, as they have always released the files they teased. Unlike before, this time, the group has not provided any teasers or demo files to sustain their claims.

Another Shadow Brokers business model

The monthly membership program is yet another business module the Shadow Brokers group is using in an attempt to collect money.

Back in August 2016, the group launched an auction, promising to provide the password of a password-protected archive to the highest bidder. To tease bidders, the group dumped a collection of files containing mostly firewall exploits.

Because people didn't join the bidding, the group converted the open auction to a crowdfund. After the crowdfund also failed, the group started selling individual tools instead of the whole password-protected archive.

That attempt was also doomed, and after failing to secure buyers for the remainder of the tools they teased, the group dumped online the August 2016 password-protected archive last month in April.

Latest Shadow Brokers message contains wild statements

Today's message teases supposed exploits that nobody ever knew the group had, which is why their claims should be taken with a grain of salt.

In their message, the group also wanted to take credit for Microsoft patching the zero-days the group disclosed. The group alluded that because they posted a screenshot with the content of some of their hacking tools, the NSA realized what they lost and informed Microsoft of the zero-days.

According to the Shadow Brokers, Microsoft proceeded to cancel February's Patch Tuesday so they could work on the patches the company delivered in March. Those patches included MS17-010, which contains a fix for the SMB exploit the Shadow Brokers leaked in April and now used by the WannaCry ransomware.

Additionally, the Shadow Brokers took an entire paragraph to insult Microsoft Chief Legal Officer Brad Smith, who had the audacity to propose a Digital Geneva Convention that would restrict nations from using cyber-weapons against end users and tech companies.

The group also alluded that the US government is paying tech companies, such as Microsoft, not to patch zero-days. Accusations like these should never be taken at face value, as the Shadow Brokers is most likely a covert operation with its agenda of seeding dissent and doubt surrounding the NSA's actions.