Shadow Brokers re-emerge, drop large catalog of stolen NSA exploits

After "going dark" in January, the group released a password Saturday that unlocks a full suite of exploits.
(Getty Images)

The Shadow Brokers, the mysterious group linked to exploits stolen from the National Security Agency, released a large catalog of files Saturday that give further insight into the elite spy agency’s hacking methods.

In a lengthy blog post on Medium, the group reveals a password that unlocks an encrypted folder full of files the group previously tried to sell in an online auction. The group says the motive for unlocking the files is disappointment with the actions of President Donald Trump since he assumed office, including missile strikes on a Syrian air base earlier this week.

“TheShadowBrokers doesn’t want this to be happening to you, Mr. Trump,” the group wrote in the rambling, grammatically poor post. “TheShadowBrokers is wanting to see you succeed. TheShadowBrokers is wanting America to be great again. TheShadowBrokers acknowledging, we don’t be having all the inside information you do, things might look different inside the bubble. TheShadowBrokers is having suggestion. Maybe you be making YouTube video is in order, to be explaining to your voters, your supporters, you didn’t f*** them all over. Because from theshadowbrokers seat is looking really bad.”

Security researchers have started poring over the files, with many saying on Twitter that some date back as far as the 1990s. The catalog’s exploits look to primarily focus on Linux.



Prominent NSA whistleblower Edward Snowden said the files fall short of the agency’s full exploit catalog, and should be filled with clues that give investigators a better idea of the leak’s origin.

Previously, The Shadow Brokers had tried to auction this catalog of exploits for roughly $7,070,300 in bitcoin. The most the group received was $9,000 earlier this year.

The dump is the first since the group released a trove of active Microsoft Windows software exploits in January. That release accompanied a farewell message, in which the group claimed they were “making [an] exit” and “going dark.”

The Shadow Brokers first came to light last August when downloadable samples of exploit code were posted on several websites, detailing a series offensive cyber tools reportedly once used by the Equation Group, a cadre that has been linked to the NSA.


After the initial leak, the FBI arrested former NSA contractor Harold Martin for stealing an immense trove of classified material. Martin allegedly stole more than 50 terabytes worth of data over the course of two decades while working for both the NSA and Office of the Director of National Intelligence, or ODNI.

Martin is one of the prime suspects behind the Shadow Brokers case, but direct connection between Martin and the mysterious group remains unclear.

The Shadow Brokers leak comes less than 24 hours after WikiLeaks released another entry in their #Vault7 series, which contained documents from the CIA’s Grasshopper framework, a platform used to build customized malware payloads for Microsoft Windows operating systems.

Greg Otto

Written by Greg Otto

Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University.

Latest Podcasts