Hackers behind stolen NSA tool for WannaCry: More leaks coming

Posted May 20, 2017

These will include monthly data dumps starting in June. According to reports, the fear is that the next such attack might not have a kill switch.

He added that most of the exploits The Shadow Brokers May release are still patchable, though exploits to Android handsets might remain "devastating".

The cybercriminal gang behind the WannaCry ransomware - Shadow Brokers - posed in a blog post that every month they will be releasing more and more of the data they stole. Yesterday at TechCrunch Disrupt, former NSA head General Keith Alexander defended the hoarding practice in the name of public safety, using wishy-washy logic.

Shadow Brokers came to public attention in August 2016 when it mounted an unsuccessful attempt to auction off a set of older cyber-spying tools it said were stolen from the NSA. Spokesperson from Microsoft has already said that they will be preparing a response for this claim from the hacking group.

The shadowy hacking group claimed that Microsoft released its vulnerability patch in March while also alleging that the Equation Group was paying USA tech companies not to patch vulnerabilities.

"The ShadowBrokers is feeling like being very responsible party about Windows dump", Shadow Brokers wrote in the blog, in its usual freakish dialect. The NSA supposedly realized what the Shadow Brokers had and told Microsoft.

During the more than five years the NSA used EternalBlue's extraordinary powers to extract secrets from targeted computers, the Washington Post reported, some officials discussed whether the flaw was so unsafe they should reveal it to Microsoft.

To mitigate its instability in the early days, the NSA hackers were under strict usage rules that required approval from a senior supervisor on a target-by-target basis to use the exploit, the employees recalled.

The announcement comes on the heels of a very virulent ransomware outbreak that has used one of the exploits previously leaked by the group.

The Shadow Brokers said it chose to share screenshots from the NSA Equation Group's lost 2013 Windows Ops Disk in January, with the understanding that the Equation Group would then tell Microsoft and the vulnerability would be patched. The threat to release monthly data dumps, like a wine of the month club, starts in June.

In a blog post written in its trademark broken English, the group said it has more so-called Ops Disks, which it says were also stolen from the NSA.

What is more interesting is the fact that one of the countries the group tried to sell data to is Korea, which puts the theory of North Korea being behind the WannaCry attacks under serious doubt. What members doing with data after is up to members.