ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Home > List all groups > Shadow Brokers

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Other threat group: Shadow Brokers

NamesShadow Brokers (self given)
CountryUSA USA
MotivationFinancial gain
First seen2016
DescriptionBreached a server where zero-days accumulated by Equation Group were held, leaked a large section on the internet and tried to sell the rest afterward. Most of the published vulnerabilities have since been fixed by the respective vendors, but many have been used by other threat actors. Most notably among the dumps were zero-days such as ETERNALBLUE that were used for the creation of infamous ransomware explosions such as WannaCry and NotPetya.

Shadow Brokers turned out to be an ex-NSA contractor.
Tools used
Operations performedAug 2016Initial public dump
Oct 2016‘Shadow Brokers’ Whine That Nobody Is Buying Their Hacked NSA Files
Oct 2016Second Shadow Brokers dump released
Mar 2017In March 2017, the ShadowBrokers published a chunk of stolen data that included two frameworks: DanderSpritz and FuzzBunch.
Apr 2017Shadow Brokers leaks show U.S. spies successfully hacked Russian, Iranian targets
Apr 2017New NSA leak may expose its bank spying, Windows exploits
Apr 2017ShadowBrokers Dump More Equation Group Hacks, Auction File Password
Sep 2017ShadowBrokers are back demanding nearly $4m and offering 2 dumps per month
Sep 2017ShadowBrokers Release UNITEDRAKE Malware
Counter operationsNov 2017Who Was the NSA Contractor Arrested for Leaking the ‘Shadow Brokers’ Hacking Tools?

Last change to this card: 21 May 2020

Download this actor card in PDF or JSON format

Previous: Scully Spider, TA547
Next: ShinyHunters

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]