TheShadowBrokers, an online group claiming to be responsible for the recent ransomware attack, have issued a public statement. This statement details their claimed activity to-date, and upcoming plans for June, namely “TheShadowBrokers Monthly Data Dump”, a monthly subscription service for web browser, router, and handset exploits, compromised network data, and vulnerability exploits for newer operating systems such as Windows 10. The statement also concludes with a threat that if payment is not received from “responsible part[ies]”, TheShadowBrokers will sell the data obtained in the recent ransomware attack to the public.
Who are TheShadowBrokers?
TheShadowBrokers are an anonymous online collective whose main missions appear to be to expose the flaws in currently insecure software through cyber attacks, and criticising former hacking group The Equation Group’s (who were found to have explicit ties to the National Security Agency of America), particularly with hacking tools compiled by this group.
Through naming The Equation Group, and stating that their online activity is “about theshadowbrokers vs theequationgroup”, TheShadowBrokers are waging a public rivalry that could affect more uninvolved organisations as victims, most recently the NHS, businesses, schools, hospitals and individuals worldwide. Who is affected by future malware incidents will likely be determined by which organisations have vulnerabilities which can be exploited by the tools available to TheShadowBrokers and other hacking groups. Though the WannaCry malware utilised on the 12th May has links to the NSA’s own toolkit, the “exploits and tools” which may be offered by TheShadowBrokers Monthly Data Dump remain unknown.
Mitigate have recently issued advice regarding the ransomware attack on Friday 12th May, and will continue to seek the latest information and intelligence. For further information, feel free to contact us today.
For more current news and updates on cyber security, please check our Twitter feed (@XyoneSecurity) and news posts on our website regularly.