May 29, 2017
The hacking group that says it facilitated the WannaCry ransomware attack has threatened to leak a new wave of hacking tools it claims to have stolen from the National Security Agency. The so-called Shadow Brokers, who claimed responsibility for releasing NSA tools that spread the WannaCry ransomware through the NHS and across the world, says it has a new suite of tools and vulnerabilities in newer software. The possible targets include Microsoft’s Windows 10, which was unaffected by the initial attack and is on at least 500m devices around the world.
The group claims to have Ops Disk stolen from the NSA and claims to have exploits for web browsers, routers, Smartphones, data from the international money transfer network SWIFT and compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs.
While the motives of the Shadow Brokers remains unknown, it claimed that it wasn’t interested in the bug bounties paid by software firms for vulnerabilities found in their code or selling to "cyber thugs". It said it was "taking pride in picking adversary equal to or better than selves, a worthy opponent" and that it was "always being about the shadow brokers vs. the equation group [a sophisticated hacking team believed to be operated by the NSA]."
Shadow Brokers came to public attention in August 2016 when it mounted an unsuccessful attempt to auction off a set of older cyber-spying tools it said were stolen from the NSA. The leaks, and the global WannaCry ransomware attack that they led to, have renewed debate over how and when intelligence agencies should disclose vulnerabilities used in cyber spying programs so that businesses and consumers can better defend themselves.
The WannaCry attack stoked fears that the spy agency’s powerful cyber weapons could now be turned to criminal use, ratcheting up cyber security threats to a new level. The NSA has not commented on Shadow Brokers since the group emerged last year, or on the contents of past leaks or Friday's ransomware attack.
It is unknown whether the Shadow Brokers genuinely have further tools stolen from the NSA or whether the group will make good on its threats. But the naming of Windows 10 specifically will undoubtedly set Microsoft, its partners and corporations using the latest version of Windows, which until now has been unaffected by WannaCry, on edge.