Over the past few days, one of the biggest ever cyber extortion schemes - WannaCry, claimed more that 300,000 computers across 150 countries in the world. The ransomware blocked crucial access to data in banks, hospitals, universities, public transport services, telecom operators, shipping companies and more, all around the world.
Hackers who deployed the WannaCry ransomware used an NSA exploit which was leaked in April by another hacking group called Shadow Brokers. The leaked NSA tool named ‘EternalBlue’, helped hackers add the worm feature to WannaCry, enabling the malware to replicate itself across vulnerable machines in both government and private organisations around the globe.
On Tuesday, Shadow Brokers released an open letter announcing that the group is planning yet another data dump of NSA tools in June. In the said letter, the hacking group stated, “TheShadowBrokers is taking pride in picking adversary equal to or better than selves, a worthy opponent.” They further added, “The oracle is telling theshadowbrokers North Korea is being responsible for the global cyber attack Wanna Cry.”
While The Shadow Brokers say it is planning no dumps in May, as the members are busy eating “popcorn and watching ‘Your Fired’ and WannaCry,” the group has warned of another data dump in June. “In June, TheShadowBrokers is announcing ‘TheShadowBrokers Data Dump of the Month’ service. TheShadowBrokers is launching new monthly subscription model. Is being like wine of month club. Each month peoples can be paying membership fee, then getting members only data dump each month. What members doing with data after is up to members.”
This time around, the dump could include exploits and tools for web browsers, routers and handsets. In addition, the leak could include - select items from newer Ops Disks, including newer exploits for Windows 10; compromised network data from more SWIFT providers and Central banks; and compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs.
Further, The Shadow Brokers said that they tried to sell the stolen NSA tools in an auction, before leaking the same. They also want to send a strong message to an ‘Equation Group’, another hacking group linked to the NSA. The open letter says, “Despite what scumbag Microsoft Lawyer is wanting the peoples to be believing Microsoft is being BFF with the equation group. Microsoft and the equation group is having very very large enterprise contracts millions or billions of USD each year. The Equation Group is having spies inside Microsoft and other U.S. technology companies.”
The Shadow Brokers further allege that this Equation Group is paying US tech companies “Not to patch” vulnerabilities until users discover the same.