The hacking group that says it facilitated the WannaCry ransomware attack has threatened to leak a new wave of hacking tools it claims to have stolen from the National Security Agency.
The so-called Shadow Brokers, who claimed responsibility for releasing NSA tools that spread the WannaCry ransomware through the NHS and across the world, says it has a new suite of tools and vulnerabilities in newer software. The possible targets include Microsoft’s Windows 10, which was unaffected by the initial attack and is on at least 500m devices around the world.
In a blog post written in its trademark broken English, the group said it has more so-called Ops Disks, which it says were also stolen from the NSA. It also claims to have exploits for web browsers, routers, smartphones, data from the international money transfer network SWIFT and "compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs."
In the post, which will worry security agencies and companies around the world, the Shadow Brokers said: "In June, TheShadowBrokers is announcing 'TheShadowBrokers Data Dump of the Month' service. TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members."
The hacking group said it would release tools to subscribers each month or would "go dark permanently" if the "responsible party" bought all the tools for a lump sum, suggesting that the Shadow Brokers could be willing to hand over stolen hacking tools to the NSA for a price.
While the motives of the Shadow Brokers remain unknown, it claimed that it wasn’t interested in the bug bounties paid by software firms for vulnerabilities found in their code or selling to "cyber thugs". It said it was "taking pride in picking adversary equal to or better than selves, a worthy opponent" and that it was "always being about theshadowbrokers vs theequationgroup [a sophisticated hacking team believed to be operated by the NSA]."
The cyber security community has been combing through the blog post and other indicators for the Shadow Brokers’ intentions. "ShadowBrokers are back," tweeted Matthieu Suiche, a French hacker and founder of the United Arab Emirates-based cyber security firm Comae Technologies, who has studied the Shadow Brokers releases and believes the group has access to NSA files.
Shadow Brokers came to public attention in August 2016 when it mounted an unsuccessful attempt to auction off a set of older cyber-spying tools it said were stolen from the NSA. The leaks, and the global WannaCry ransomware attack that they led to, have renewed debate over how and when intelligence agencies should disclose vulnerabilities used in cyber spying programs so that businesses and consumers can better defend themselves.
The WannaCry attack [also known as WannaCrypt] stoked fears that the spy agency’s powerful cyber weapons could now be turned to criminal use, ratcheting up cyber security threats to a new level. The NSA has not commented on Shadow Brokers since the group emerged last year, or on the contents of past leaks or Friday's ransomware attack.
It is unknown whether the Shadow Brokers genuinely have further tools stolen from the NSA or whether the group will make good on its threats. But the naming of Windows 10 specifically will undoubtedly set Microsoft, its partners and corporations using the latest version of Windows, which until now has been unaffected by WannaCry, on edge.
In her analysis of the Shadow Brokers’ threat, independent security researcher Marcy Wheeler wrote that "simply by threatening another leak after leaking two sets of Microsoft exploits, Shadow Brokers will ratchet up the hostility between Microsoft and the government."
Microsoft said on Tuesday it was aware of Shadow Brokers’ most recent claim and that its security teams monitor potential threats in order to "help us prioritise and take appropriate action." Microsoft president and chief legal officer Brad Smith said earlier this week the WannaCry attack used elements stolen from NSA cyber warfare operations. The US government has not commented directly on the matter.
© 2017 Guardian Web under contract with NewsEdge/Acquire Media. All rights reserved.
Posted: 2017-05-22 @ 2:12am PT
It affected "older" Microsoft PCs (along with other OSes) - simply because the vulnerabilities were built during a time when these OSes weren't "older".
The two main exploits that I know of revolve around RDP and SMB.
Posted: 2017-05-20 @ 10:31am PT
I would like to know why this only affected the older Microsoft PCs? Not the new Win10? Why did MS wait so long to get the patch put out? They knew, they took their time. Interesting that no one is looking at MS for creating their own problem just so they can FORCE people on to their new spyware OS Windows 10. You know the one. It tells you what you are interested in, it tells you what updates you need, it will lock itself if Microsoft doesn't like what you are doing, searching or texting to someone. You can't turn features off without having to do it again and again because with every update, MS turns the crap you don't need or want, right back on. I would not doubt the "Shadow brokers" are actually employees of the Microsoft Corporation and get paid to force people to upgrade to fix their problems. The ransom part was just to get your attention.