The Shadow Brokers is back in business with the release of another NSA exploit, UNITEDRAKE. The exploit promises to remotely target Windows machines. "If someone is paying then theshadowbrokers is playing," the group said in an update to the Monthly Dump service. The group has now promised to deliver two cache dumps to its subscribers every month.
The Shadow Brokers first came into the spotlight last summer and has since dumped a number of exploits and leaked documents from government intelligence agencies. The group has so far done the most damage with the NSA exploit EternalBlue, which was used by the criminals behind the WannaCry ransomware that crippled hundreds of thousands of businesses and hospitals.
The group first tried to sell its entire cache in an auction, demanding millions of dollars, but couldn't attract any potential buyers. Since then the group has dumped some critical exploits and later moved to an apparently more rewarding subscription model. While some buyers have previously called out the group for ripping them off, it continues to deliver what seem like some deadly exploits.
UNITEDRAKE RAT available for 500 Zcash (ZEC)
The latest NSA exploit, dubbed UNITEDRAKE, can compromise Windows machines remotely and affects Windows XP, Windows Server 2003 and 2008, Vista, Windows 7 SP 1 and below, Windows 8, and Windows Server 2012. The group has described the malware as a "fully extensible remote collection system designed for Windows targets," that can capture information from target machines.
Some of its modules can also enable attackers to monitor communications, capture keystrokes, record through the webcam and microphone, and steal information. TSB has also released a manual (PDF), probably to generate more interest following the dissatisfaction among buyers.
The National Security Agency had reportedly developed this tool as part of its mass surveillance program, which was first publicised after Edward Snowden leaked the program's details back in 2014. The high-profile scandal exposed the NSA's espionage tools and tactics and had also mentioned UNITEDRAKE among other exploits. While Snowden's leaks didn't include any actual tools, it seems the drama surrounding the NSA isn't going to end anytime soon.