The Shadow Brokers who previously stole and leaked a portion of the NSA hacking tools and exploits is back with a Bang!
The hacking group is now selling another package of hacking tools, “Equation Group Windows Warez,” which includes Windows exploits and antivirus bypass tools, stolen from the NSA-linked hacking unit, The Equation Group.
For those unfamiliar with the topic, The Shadow Brokers is a notorious group of black-hat hackers who, in August 2016, leaked exploits, security vulnerabilities, and "powerful espionage tools" created by The Equation Group. On Saturday, the Shadow Brokers posted a message on their ZeroNet based website, announcing the sale of the entire "Windows Warez" collection for 750 Bitcoin (around US$678,630).
The data dump contains many windows hacking tools, categorized as following:
- Fuzzing tools (used to discover errors and security loopholes)
- Exploit Framework
- Network Implants
- Remote Administration Tools (RAT)
- Remote Code Execution Exploits for IIS, RDP, RPC, SMB Protocols (Some Zero-Days)
- SMB BackDoor (Implant)
Interestingly, the Remote Administration Tool (RAT) "DanderSpritz" included in the list is the one previously leaked in the NSA's documents revealed by Edward Snowden. Besides this, malware researcher Jacob Williams analyzed the archive of "screenshots and output of the find command across the dump" provided by the hacker as an evidence of legitimacy and estimated that the tools may also include a Fully Undetectable Malware (FUD) toolkit.
The FUD toolkit might have an ability to "evade/bypass personal security products," such as Avira, Avast, Dr.Web, ESET Antivirus, Comodo, McAfee Antivirus, Microsoft Essential, Panda, Symantec, Trend Micro and Kaspersky Antivirus. The buyers can purchase the entire database of hacking tools that The Equation Group used against various countries to expand its espionage operations.
In August, the Shadow Brokers announced an auction attempting to sell the complete set of tools to the highest bidder, but the group cancelled their auction in October due to little or no response on their public sale. But since this time the group has made Windows hacking tools up for sale, the chances are that hackers and espionage groups would be interested in buying these hacking tools.
