Hackers published an ANB bookmark for Windows-based systems
By Prempal Singh
The sensational hacking group The Shadow Brokers again reminded of itself. This time, the hackers published an instruction for the exploit of the US National Security Agency under the name UNITEDRAKE and announced some changes in the work of their service to provide stolen data.
According to the message published on the Steemit platform , henceforth subscribers of the service will receive not one but two data dumps per month. Anyone can purchase previous dumps by sending the appropriate amount to the grouping.
The terms of payment have changed significantly. Now the payment is accepted only in the Zcash crypto currency. The address for the delivery of the dump should be indicated in the field for the accompanying text. Only addresses in the visible part of the Internet are accepted (at addresses in the darknet the information will not be sent). Grouping recommends the use of services with built-in encryption Tutanota or Protonmail, eliminating the need to exchange encryption keys.
Among the changes is also worth noting the increase in tariffs. In June this year, when the group launched its own service, the subscription cost was 100 ZEC (about $ 24 thousand).Now The Shadow Brokers asks for 16 thousand ZEC (about $ 3,914,080).
Notably, the September dump contains the exploit of the NSA called UNITEDRAKE. The tool allows you to remotely collect data from computers running Windows. UNITEDRAKE is mentioned in the documents of the NSA, previously provided by Edward Snowden. Moreover, Kaspersky Lab experts described the tool in 2015, calling it EquationDrug. According to researchers, EquationDrug is the main platform for espionage, used for 10 years by the Equation Group.
Equation Group – one of the most powerful APT-groupings, operating, at least, since 2001. It was discovered by Kaspersky Lab experts during the investigation of the Regin Group and contacted by the researchers with the US government (in particular, with the NSA).