Shadow Brokers Leak
What is Shadow Brokers Leak?
Shadow Brokers Leak: A 2016-2017 series of leaks by a group calling itself 'The Shadow Brokers' that publicly dumped NSA-linked offensive cyber tools, including EternalBlue.
The Shadow Brokers (TSB) first surfaced in August 2016, publishing files purportedly stolen from the Equation Group, an actor widely associated with the NSA. After failed auction attempts, they released the bulk of their archive on 14 April 2017 in a dump titled 'Lost in Translation' that included Windows SMBv1 exploits such as EternalBlue (CVE-2017-0144), DoublePulsar, EternalRomance, and EternalSynergy. These tools fueled the May 2017 WannaCry ransomware outbreak and the June 2017 NotPetya wiper, causing global damage estimated above USD 10 billion. The leak forced an emergency Microsoft patch (MS17-010) and reshaped debates on vulnerability stockpiling, lawful hacking, and the Vulnerabilities Equities Process.
● Examples
- April 2017 'Lost in Translation' dump containing EternalBlue (CVE-2017-0144) and DoublePulsar.
- Use of leaked exploits in the WannaCry (May 2017) and NotPetya (June 2017) global outbreaks.
● Frequently asked questions
What is Shadow Brokers Leak?
A 2016-2017 series of leaks by a group calling itself 'The Shadow Brokers' that publicly dumped NSA-linked offensive cyber tools, including EternalBlue. It belongs to the Malware category of cybersecurity.
How do you defend against Shadow Brokers Leak?
Defences against the tools released in the Shadow Brokers Leak combine technical controls and operational practices; the definition above points to Microsoft's MS17-010 patch for the Windows SMBv1 flaws the leaked exploits targeted.
What are other names for Shadow Brokers Leak?
Common alternative names include: The Shadow Brokers, TSB, Lost in Translation leak.
● Related terms
- malware, № 387
Equation Group
A sophisticated cyber-espionage actor publicly documented by Kaspersky in 2015 and widely attributed to the US NSA, known for firmware implants and Stuxnet-related tooling.
- vulnerabilities, № 389
EternalBlue (CVE-2017-0144)
An NSA-developed exploit for a 2017 Microsoft SMBv1 remote code execution vulnerability, leaked by the Shadow Brokers and used by WannaCry and NotPetya.
- malware, № 1222
WannaCry
A May 2017 self-propagating ransomware worm that used the leaked NSA SMBv1 exploit EternalBlue to encrypt files on over 200,000 systems in 150 countries.
- malware, № 744
NotPetya
A June 2017 destructive wiper masquerading as ransomware, spread via a backdoored M.E.Doc update and attributed to Russia's Sandworm.