Remember The Shadow Brokers? They are back.

A hackers group that previously claimed to have stolen a bunch of hacking tools (malware, zero-day exploits, and implants) created by the NSA and gained popularity last year for leaking a portion of those tools is back.

Today, The Shadow Brokers group released more alleged hacking tools and exploits that, the group claims, belonged to "Equation Group" – an elite cyber attack unit linked to the NSA.

Besides dumping some NSA's hacking tools back in August 2016, the Shadow Brokers also released an encrypted cache of files containing more NSA's hacking tools and exploits in an auction, asking for 1 Million Bitcoins (around $568 Million).

However, after failed auction, the group put up those hacking tools and exploits for direct sale on an underground website, categorizing them into a type — like "exploits," "Trojans," and "implant" — each of which ranged from 1 to 100 Bitcoins (from $780 to $78,000).

Now, the Shadow Brokers has finally released password for the encrypted cache of NSA's files, allowing anyone to unlock and download the auction data dump.


The password mentioned above for the encrypted NSA files was made public through a blog post published today.

The blog post, titled "Don't Forget Your Base," has been written as an open letter to President Donald Trump, containing political views expressed by the Shadow Brokers on Trump's recent policies and events, like the Goldman Sach, the air strike against Syria and removal of Steve Bannon from the National Security Council, among others.

A security researcher, who uses Twitter handle x0rz, has uploaded all files after decryption on Github and confirmed that the archive includes:

  • rpc.cmsd a remote root zero-day exploit for Solaris – Oracle-owned Unix-based operating system.
  • The TOAST framework that NSA's TAO (Tailored Access Operations) team used to clean logs of Unix wtmp events.
  • The Equation Group's ElectricSlide tool that impersonates a Chinese browser with fake Accept-Language.
  • The evidence of the NSA operators' access inside the GSM network of Mobilink, one of the Pakistan's popular mobile operator companies.

More key findings will come as soon as other security researchers delve into the dump.

At the time, it's not confirmed whether the group holds more NSA hacking tools and exploits or this is the last batch of documents the Shadow Brokers stole from the United States intelligence organization.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.