The Shadow Brokers have newly released an NSA tool called UNITEDRAKE. The implant is a fully extensible remote collection system that comes with a number of plug-ins, enabling attackers to remotely take full control of targeted Windows computers.

In 2013, a group of hackers known as the Shadow Brokers stole disks full of National Security Agency secrets and has been disclosing these secrets on the internet. The disclosures have exposed major vulnerabilities in Cisco routers, Microsoft Windows, and Linux mail servers, as well as exploits that led to the WannaCry ransomware outbreak in May 2017.

Furthermore, the Shadow Brokers threatened to release more NSA secrets every month, giving cybercriminals and other governments worldwide even more exploits and hacking tools. The Shadow Brokers appeared in August 2017, when they published a series of hacking tools and computer exploits from the NSA, most of which target vulnerabilities in common software. The material was from mid-2013 and seems to have been collected from an external NSA staging server, a machine that is owned, leased, or otherwise controlled by the US, but with no connection to the agency. NSA hackers find obscure corners of the internet to hide the tools they need as they go about their work, and it seems the Shadow Brokers successfully hacked one of those caches.

Notably, this September 2017 dump also included an unencrypted PDF file, which is a user manual for the UNITEDRAKE (United Rake) exploit developed by the NSA.

According to the leaked user manual, UNITEDRAKE is customizable, modular malware that can capture webcam and microphone output, log keystrokes, access external drives and more in order to spy on its targets. The name UNITEDRAKE first came to light in 2014 in classified NSA documents leaked by former NSA contractor Edward Snowden.

To date, the resources and set of tools held by the Shadow Brokers remain unknown. This release shows that their taunt to release more leaks to the public was not a shallow bluff. Government authorities should start taking the Shadow Brokers' threats more seriously.

The capabilities of the UNITEDRAKE exploit are not far from those of the usual releases. It is a form of spyware that can monitor web cameras, log keystrokes, and access drives. The most common differences among these tools are how they function, how they exploit vulnerabilities, and which platforms they can be used on.

The Shadow Brokers are more likely to be a profit-based organization. They always offer their releases for sale, probably on dark net markets. Since there is a very high probability that this UNITEDRAKE release will go public, those responsible for the target system, Microsoft Windows, should focus entirely on identifying how the released exploits work and how to apply remedies and precautions.


Manny Cuevas

My name is Manny Cuevas, a Security Researcher / Engineer for about 15 years who focuses on Web and Mobile applications and other platforms, from the Island of Sulu, Philippines. I’m also a scientist, inventor and a top-ranked hacker in the world who bypasses all security systems.

