A cyber crime collective that leaked the spy tool that facilitated last week’s global WannaCry ransomware attack has threatened to release more sophisticated cyber weaponry.
In a lengthy blog post published in broken English, the Shadow Brokers group said it would begin a subscription service next month, allowing interested parties to access other data stolen from the US National Security Agency (NSA).
Describing the service as much like a “wine of the month club”, the collective promised regular dumps of advanced tools that could be used for hacking smartphones and computers, along with network data from banking systems and state nuclear programmes.
The WannaCry virus was based on EternalBlue, an exploit widely believed to have been developed by the NSA.
It is thought the Shadow Brokers stole EternalBlue along with a cache of other data from NSA servers, before leaking it online in April.
In all, the collective has released more than a gigabyte of NSA data since last summer.
The group used its blog post to blame the US government and tech firms for last week’s huge ransomware attack, claiming they should have taken up its offer to buy back the stolen software for 10,000 Bitcoins (€15.9 million).
Speaking with the Times of London, Nik Beecher, of cybersecurity and defence company Leonardo, said: “So far they have always delivered on what they said they will do and they’re making some serious claims. The banking data could potentially enable criminals to steal large sums from central banks.”
Speculation over who might have been responsible for the WannaCry attack has continued as businesses around the world recover from its effects.
Theories range from state-sponsored actors, organised cyber-crime gangs to unsophisticated hackers.
Cyber security researchers have found technical clues they said could link the malware to North Korea.
Kaspersky Lab and Symantec have both said some of the code in an earlier version of WannaCry previously appeared in programs used by the Lazarus Group, which researchers have identified as a hacking operation run from North Korea.
“We believe it’s important that other researchers around the world investigate these similarities and attempt to discover more facts about the origin of WannaCry,” Kaspersky Lab said in a blog post.
IBTimes UK tells readers the most prevalent theory is that the malware was the work of an organised criminal group motivated primarily by profit.
“The attacks are likely coming from a well-organised cybercrime group,” said Professor Giovanni Vigna, founder of security firm LastLine and Director of the Centre for Cybersecurity at the University of California in Santa Barbara.
“The fact that the malware seems to be made of components written by different people suggests a structured group that combines various capabilities.”
