The Shadow Brokers, the hacking group that stole NSA hacking tools and released the exploits used in the recent WannaCrypt ransomware attacks, is launching a new subscription service for stolen zero-day exploits.
In a statement published this week, the group offered subscriptions for its zero-day-as-a-service for the low-low cost of 100 units of Zcash cryptocurrency, or approximately $21,000 per month.
The Shadow Brokers first burst onto the InfoSec scene back in August 2016, when the group posted a 300MB cache of so-called “cyberweapons,” purportedly stolen from the Equation Group, a hacking team that many security researchers believe to be a part of the NSA’s elite Tailored Access Operations (TAO) unit.
The Shadow Brokers offered to sell off those exploits in a bitcoin auction starting at approximately $500 million USD. As proof, the group released an unencrypted sample with 300 megabytes worth of exploits designed to target various networking appliances from companies like Cisco and Fortinet. When it became clear that no one was bidding, the hacker group began dumping tools, first in November 2016, and again in April 2017, when they released the EternalBlue exploit and DoublePulsar backdoor used to devastating effect in the recent WannaCry ransomware attacks.
Now, with the new service due to start next month, the Shadow Brokers seem eager to find a new way to monetize their ill-gotten goods, though what exactly subscribers will gain remains unclear. “TheShadowBrokers is not deciding yet. Something of value to someone,” the group wrote of the upcoming dump.
The Shadow Brokers seem to be betting that curiosity will get the better of security firms and governments, writing that the “monthly dump is being for high rollers, hackers, security companies, OEMs, and governments,” for whom “playing “the game” is involving risks.”
The question to ask, according to the Shadow Brokers, is not what’s in the forthcoming dump, but “can my organization afford not to be first to get access to theshadowbrokers dumps?”
It appears that angle may be paying off: some researchers are already attempting to crowdfund access to the dump, which could severely hamper the effectiveness of any zero-day exploits released while giving security researchers and companies a chance to study the exploits and add detections. However, some researchers are urging security companies not to get involved, as it would only encourage the hackers.
If InfoSec vendors fund Shadow Brokers ($20k per monthly subscription) leaking Nation State tools I think it's a new low for InfoSec.
— Kevin Beaumont (@GossiTheDog) May 30, 2017