The Shadow Brokers, who published informations about stolen NSA-Documents which first results was the WannaCry attack of last weekend, announced to have even more sensitive data and details available.
In a blog post, the group said it was setting up a “monthly data dump” and that it could offer tools to break into
- web browser, router, handset exploits and tools
- select items from newer Ops Disks, including newer exploits for Windows 10
- compromised network data from more SWIFT providers and Central banks
- compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programs
Undisclosed Windows 10 Zero-day exploits
They offered to keep all data secret “if a responsible party” buys all the stolen data. Following more and also previous posts from the group, according to the ammount of stolen data and how fast a patch to some previous published leaks was published, it is most likely that the NSA pays big companies for not fixing several exploits.
TheShadowBrokers is thinking Google Project Zero is having some former TheEquationGroup member. Project Zero recently releasing “Wormable Zero-Day” Microsoft patching in record time, knowing it was coming? coincidence?
The Shadow Brokers made the screenshots available in January. The NSA supposedly realized what the Shadow Brokers had and told Microsoft. Microsoft took the unprecedented step of skipping Patch Tuesday in February and then released the SMB (Server Message Block) fix in March that was used by WannaCry and not dumped by the Shadow Brokers until April.
We will see if and what will be published in June …