
The Shadow Brokers (TSB) Hacker Group Updates Monthly Data Dump Service

The Shadow Brokers (TSB), a cybercriminal group that publishes computer exploits and hacking tools, has announced several changes to its monthly data dump service.

Notable changes to the TSB data dump service include:

  • Two dumps per month.
  • Zcash cryptocurrency payments only.
  • Delivery email address must be Clearnet (unencrypted).

TSB unveiled its data dump service in May, and the service debuted in June. The group noted each data dump may include a variety of sensitive information, such as:

  • Compromised network data from national defense missile programs.
  • Compromised network data from SWIFT bank network providers and central banks.
  • Handset, router and web browser exploits and tools.
  • Windows 10 exploits.

In addition, TSB said it would go permanently dark if a "responsible party" – likely the National Security Agency (NSA) – bought all of its stolen data before it was sold.

TSB Publishes "Lost in Translation" Archive

TSB published its "Lost in Translation" archive, which contained exploits for different versions of Windows, in the second quarter of 2017. The publication was associated with the ExPetr and WannaCry pandemics, along with the CVE-2017-0199 vulnerability in Microsoft Office.

The "Lost in Translation" release also marked the beginning of a wave of "in-the-wild vulnerabilities" in 2Q17, according to cybersecurity solutions company Kaspersky Lab.

"Despite the fact that most of these vulnerabilities were not zero-day vulnerabilities and were patched ... the ("Lost in Translation") publication led to disastrous consequences," Kaspersky said in a prepared statement.

TSB: Here's What You Need to Know

TSB initially surfaced in mid-2016 and allegedly stole data from the NSA. According to The Atlantic, TSB has leaked NSA exploits and hacking tools that target:

  • Mail servers.
  • Routers.
  • SWIFT banking network.
  • Windows.

TSB currently offers a subscription service that provides regular data dumps. However, customers may be required to pay more than $22,000 for a new batch of stolen code from TSB, Reuters reported.

Furthermore, questions persist about whether TSB will be able to successfully commercialize and monetize its exploits and hacking tools.

TSB has already tried to auction stolen code and sell it directly to consumers, Mounir Hahad, senior director at threat intelligence solutions provider Cyphort Labs, told SC Magazine. However, neither of these methods has helped TSB achieve its desired results, Hahad stated.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E.