SafeUM
Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
7 Sep 2017

The Shadow Brokers return with the release of UNITEDRAKE exploit

The Shadow Brokers have promised subscribers the release of UNITEDRAKE, an NSA implant that remotely targets Windows machines.

This week, the threat group posted an update to its Monthly Dump service, which will now include two cache dumps every four weeks for subscribers. The change is potentially a means to drum up extra interest among the cyberattackers, government groups, or vendors that have chosen to subscribe to the service to gain access to the stolen exploits and malware samples.

As noted by Joseph Cox, the September dump includes a manual for UNITEDRAKE (.PDF), a modular malware framework that remotely targets Microsoft Windows machines. Able to compromise Windows PCs running XP, Windows Server 2003 and 2008, Vista, Windows 7 SP1 and below, as well as Windows 8 and Windows Server 2012, the attack tool runs as a service to capture information. UNITEDRAKE, described as a "fully extensible remote collection system designed for Windows targets," also gives operators the opportunity to take complete control of a device.

The malware's modules, including FOGGYBOTTOM and GROK, can perform tasks such as listening in on and monitoring communications, capturing keystrokes and both webcam and microphone output, impersonating users, stealing diagnostic information, and self-destructing once tasks are completed.

These tools were developed and used by the US National Security Agency (NSA) to perform mass surveillance and bulk hacking worldwide, and only came to light due to Edward Snowden's disclosures in 2014. The Shadow Brokers have now chosen to accept only Zcash (ZEC), rather than Monero (XMR). This may be related to the work of a researcher known as wh1sks, who estimates that the group was able to make up to $88,000 in July alone.

In a blog post, the researcher explained that they were able to scrape the email addresses and payment IDs (PIDs) from the Monero (XMR) blockchain. In addition, Monero lacks encrypted memo fields, which would force the Shadow Brokers to use multiple channels to send files, whereas using ZEC lets content be sent straight to an email address.

To further capitalize on the theft, the hackers have made previous dumps available for purchase, with prices ranging from 100 ZEC ($24,000) to 1600 ZEC ($3.8m). In August last year, the cyberattack group attempted to sell off its full cache of exploits through an "auction" that demanded millions of dollars' worth of Bitcoin. After that fell flat, it seems subscriptions are more lucrative, at least while the vulnerabilities last.

The subscription service is shrouded in secrecy, but several months ago one subscriber came out in public. The subscriber, going under the name fsyourmoms, complained that the "Wine of the Month" club was a rip-off. "TheShadowBrokers ripped me off," the subscriber said. "I paid 500 XMR for their 'Wine of the Month Club' and they only sent me a single tool that already requires me to have a box exploited. A tool, not even an exploit! The tool also looks to be old, and not close to what the ShadowBrokers said could be in their subscription service."

A leaked NSA exploit called EternalBlue became the platform for the recent WannaCry ransomware attack, which crippled businesses and core services worldwide.


Tags:
hackers information leaks NSA
Source:
ZDNet