Pack of tools exposing Windows users now sold online

Jan 12, 2017 08:47 GMT

The ShadowBrokers hackers, who got everyone’s attention last summer when they started an auction for attack tools allegedly used by the NSA, are now trying to sell an exploit kit that’s believed to also include an exploit for a zero-day Windows vulnerability.

Currently on sale for 750 Bitcoin ($610,000), the exploit pack contains several utilities, many of which have already been updated several times. According to security experts, this is a sign that they could include vulnerabilities that are yet to be patched.

Researcher Jacob Williams explains in a post that, judging from the screenshots the group posted online, there’s a good chance that the kit includes an exploit for a zero-day impacting the Windows Server Message Block (SMB) protocol, a network technology used by Microsoft’s Windows operating system.

“Most interesting perhaps is the fact that the exploits contain a possible SMB zero day exploit. For the price requested, one would hope it is a zero day. The price is far too high for an exploit for a known vulnerability,” the researcher notes.

Possible ties with Russia

Specifics are not available at this point, and ShadowBrokers clearly tried to provide as few details as possible. Williams explains that it’s hard to tell for the moment whether the hackers are Russians or not, given the timing they picked for going online with this dump.

Of course, it’s also impossible to determine whether the release has anything to do with the hacking accusations launched by the United States against Russia, but given the previous connection of tools sold by ShadowBrokers with the NSA, it’s not difficult to understand why some people are indeed exploring such a possibility.

“Shadow Brokers must have known that people would make this analytic leap, so even if they scheduled this release some time ago, the decision to go ahead given the release of the report on Russian hacking was done with the understanding that connections would be made,” Williams writes.

In the end, there’s a big chance that the Windows exploit included in the pack is not a known issue, but customers are strongly advised to keep their computers fully up to date with the latest patches.