The Shadow Brokers are back in the headlines again. The notorious hacking group is releasing another NSA exploit through its monthly dump service, “TheShadowBrokers Dump Service - September 2017”.
The group first appeared in the summer of 2016. It published several leaks containing hacking tools from the National Security Agency (NSA), including several zero-day exploits. The exploits and vulnerabilities targeted enterprise firewalls, anti-virus products, and Microsoft products.
The implant, named ‘UNITEDRAKE’, is a fully extensible remote collection system that ships with a number of plug-ins, enabling attackers to remotely take full control of targeted Windows computers.
The September dump includes a manual in the form of a PDF file and modular malware that can remotely target Windows systems, as noted by security researcher Joseph Cox.
The modules include FOGGYBOTTOM and GROK, which can perform tasks such as listening in on and monitoring communications, capturing keystrokes, capturing webcam and microphone output, the caricature users, and self-destructing once their tasks are completed.
The tool has five components—the server, the system management interface (SMI), the database (which stores and manages stolen information), the plug-in modules (which allow the system’s capabilities to be extended), and the client (the implant).
The Shadow Brokers have set new terms for their monthly subscription: they now use clear-text email for delivery, have raised the price of the exploits to nearly $4 million, and accept payments from subscribers only in Zcash (ZEC) instead of Monero (XMR).
Back in June, when the group started its first monthly dump service, it demanded 100 ZEC ($3,914,080 in total) for all the NSA dumps. Zcash currently trades at $248 per unit.