NSA-Hacking ‘Shadow Brokers’ Reveal Spy-Penetrated Networks
The Shadow Brokers, a mysterious hacker group, released a new cache of files online on Halloween morning.
The group claimed its latest dump reveals the IP addresses, or network designations, of computer servers supposedly compromised by The Equation Group, a hacker outfit widely believed to be linked to the United States National Security Agency. The list allegedly catalogues hundreds of the NSA-linked group’s cyber-espionage targets from the 2000s, including a number of email providers and universities in China as well as targets in countries such as Iran, Russia, Pakistan, India, and South Korea.
Get Data Sheet, Fortune’s technology newsletter.
“TheShadowBrokers is having special trick or treat for Amerikanskis tonight,” the shadowy group wrote in characteristically ungrammatical English in a post on the blogging site Medium, before posting links to the leaked files. The password to unlock them was “payus.”
Security experts noted the information leaked dated back to a decade ago. Some regarded the dump as a cry for attention on the part of Shadow Brokers, which have been trying to drum up interest in an online auction for Equation Group-linked hacking tools that it set up in August.
The earlier dump of hacking tools resulted in previously unknown exploits getting loose, causing networking equipment and firewall makers like Cisco (CSCO), Fortinet (FTNT), Juniper Networks (JNPR), and the Chinese firm Topsec scrambling to issue patches for their devices.
“This is being equation group pitchimpair (redirector) keys, many missions into your networks is/was coming from these ip addresses,” the Shadow Brokers author wrote, referring to a hacking tool “PITCHIMPAIR” that supposedly compromised devices and converted them into staging grounds for launching further attacks. The cache also included systems targeted by the spy tool “Intonation.”
Matt Swann, a principal engineering manager at Microsoft (MSFT), compiled the dumped data into an Excel spreadsheet. The document showed that the targets ran operating systems such as Sun Solaris, FreeBSD, and Linux.
The dump also referenced other hacking tools—dubbed Dewdrop, Incision, Jackladder, Orangutan, Patchicillin, Reticulum, Sidetrack, and Stoicsurgeon—about which little is known.
For more on hacking, watch:
The Shadow Brokers author took the opportunity to rant about American spy agencies, media organizations, and the U.S. presidential election before asking for more bids in the aforementioned NSA-linked spy tools auction. At press time, the auction had raised just over 2 Bitcoins (about $1,400) in a total of 69 bids.
The Shadow Brokers previously said that the auction would end “when we feel it is time to end,” and the alleged loot would go to the highest bidder. The group said it would not reimburse losers.
“How bad do you want it to get?” the author said. “When you are ready to make the bleeding stop, payus, so we can move onto the next game. The game where you try to catch us cashing out! Swag us out!”
The latest file dump comes months after law enforcement arrested Harold Thomas Martin III, an NSA contractor who worked for Booz Allen Hamilton and whom some suspect might be tied to the Shadow Brokers leak. Martin allegedly stole 50 terabytes of data from the NSA and is awaiting trial.