TheShadowBrokers group returns with NSA UNITEDRAKE hacking malware and promises more leaks
It feels as though it has been a while since we heard anything from the hacking group TheShadowBrokers. The group's latest data dump sees the release of the NSA's UNITEDRAKE exploit tool, and there's also a promise of two data dumps a month moving forward.
UNITEDRAKE is a remote access tool (RAT) used to control compromised Windows machines. It is modular: plugins extend its capabilities so that an operator can capture webcam footage, record from microphones, log keystrokes, and more.
- After WannaCry chaos, ShadowBrokers threaten 'Data Dump of the Month' service, including Windows 10 exploits
- TheShadowBrokers ditch Bitcoin in favour of Zcash as details emerge of monthly exploit subscription service
The group famously set up a subscription-based data dump service, and now it appears to be trying to drum up further interest -- and more money. TheShadowBrokers has posted to cloud storage service Mega its data dumps for August, September, October and November, but they are all encrypted. Not encrypted, however, is the manual that accompanies the August dump -- the manual for the NSA's UNITEDRAKE tool.
The move is being seen as a way of reassuring would-be subscribers that their money would not be going to waste:
Shadow Brokers are back. Looks like they're providing files in advance to try and dampen worries their exploit service of the month was crap pic.twitter.com/umRF74HUCQ
— Joseph Cox (@josephfcox) September 6, 2017
The UNITEDRAKE manual (a PDF) describes the tool as a means of monitoring compromised computers running Windows XP, Vista, 7 or 8, or Windows Server 2012.
In a post on Steemit -- its outlet of choice -- TheShadowBrokers group says:
Missing theshadowbrokers? If someone is paying then theshadowbrokers is playing.
Changes to Dump Service:
- Two dumps per month
- Zcash only, no Monero, delivery email in encrypted memo field
- Delivery email address clearnet only, recommend tutanota or protonmail, no need exchange secret, no i2p, no bitmessage, no zeronet
- Previous dumps now available, send correct amount to correct ZEC address
- September dumps is being exploits