The Shadow Brokers

About

The Shadow Brokers are a group of black-hat hackers who gained much notoriety online for leaking a collection of National Security Agency (NSA) hacking tools in April 2017.

History

The name "Shadow Broker" is believed to be a reference to a character in the Mass Effect video game series, who leads a shadowy organization that trades in information on the black market.^[1] On August 13th, 2016, the @TheShadowBrokerss^[2] Twitter feed posted a link to a Pastebin page,^[3] inviting interested parties to bid on various cyber weapons in their possession. On August 16th, Edward Snowden tweeted that "circumstantial evidence" suggested the Russians were responsible for stealing the cyber weapons (shown below).^[6]

In October, the group released a message on the /r/DarkNetMarkets^[4] subreddit, containing a list of tools and servers purportedly hacked by Equation Group, a threat actor suspected of being tied to the NSA. On April 8th, 2017, The Shadow Brokers released an article on Medium^[5] titled "Don't Forget Your Base," providing a password to various encrypted files they had previously released, claiming the leak was in response to Donald Trump's airstrike on the Shayrat Air Base in Syria.

April 2017 Leak

On April 14th, 2017, the group tweeted out a link to a page on the blogging site Steemit, providing a link to a batch of files along with the password "Reeeeeeeeeeeeeee." Among the files included various tools and exploits, many of which targeted Microsoft Windows operating systems. That day, Twitter user @hackerfantastic posted a video showing how the leaked ETERNALBLUE tool could be used to compromise a Windows 2008 machine in under two minutes (shown below).

Search Interest

External References