Shadow Brokers

Intro
The Shadow Brokers are a group of hackers that became famous for hacking and leaking tools developed by the National Security Agency (NSA). The tools leaked are believed to be used to exploit vulnerabilities of various operating systems and devices, thereby granting attackers access and control of targeted systems. Although investigations are ongoing, no one knows who the Shadow Brokers are, how they successfully carried out their attacks, or where they are operating from. The level of damage caused by the Shadow Brokers is considered to be of astronomical proportions as the tools they leaked have allowed members of the public to use them with malicious intent, such as the WannaCry ransomware outbreak of May 2017 that made use of the EternalBlue tool.

Leaks
There are a number of confidential leaks that the Shadow Brokers are famous for starting from August of 2016. The first leak took place on the 13th of August 2016 when the group posted a Tweet with a pastebin URL undefined(which is a web-based application designed to store plain text data), that directed users on how to get hold of government-grade cyber tools. The tools were claimed to be from the Equation Group, a suspected NSA hacking group that is believed to be highly skilled in cyber security, covert hacking operations and malware development undefined. The leak was ultimately titled the Equation Group Cyber Weapons Auction. Users interested in obtaining these tools had to bid using Bitcoin and the highest bidders would receive the best tools, according to the Shadow Broker's post.

The next leak occurred on the 31st of October 2016, conveniently titled TrickOrTreat. This leak was claimed to contain servers that were apparently compromised by the Equation Group. There was also claims of seven top-secret tools available for the public to obtain undefined. These tools were Patchicillin, Stocsurgeon, Dewdrop, Sidetrack, Orangutan, Reticulum, and Dewdrop.

The third leak, titled Black Friday/Cyber Monday Sale, consisted of 60 folders that suggested to contain Equation Group tools. The Shadow Brokers had a new approach of selling these tools directly to users that request them, since auctioning the tools and crowdfunding were not as successful as the group thought it would be undefined. The potential "customer" would email the group requesting the tool of interest and would receive a Bitcoin address in return which they would use to make their payment.

The fourth leak (Don't Forget Your Base) occurred in the beginning of 2017 and was believed to contain a password to access encrypted files that were released the previous year. The files are claimed to expose more tools from the Equation Group. The file was found to contain tools that were mainly designed for attacking Linux systems undefined.

The Shadow Broker's fifth leak was by far the most devastating so far. It occurred on the 14th of April 2017 and it was this leak that released EternalBlue and DoublePulsar into the hands of public users undefined. These two tools were later used in the destructive WannaCry ransomware and NotPetya wiper attacks.

Monthly Subscription Service
After the WannaCry attack, the Shadow Brokers announced that they were going to release more tools, however this was only on a monthly dump for paying subscribers on the dark web. Each month the group would release a file dump that only paying members could receive an would contain zero-day vulnerabilities and hacking tools, with the first dump being released in June 2017.

The fee for a subscription would be 100 Zcash (an alternative cryptocurrency to Bitcoin) which at the time worked out to nearly $22 000. The reason for using Zcash over Bitcoin is that Zcash is suppose to be more anonymous than Bitcoin and therefore less likely to being traced undefined. The dump was said to include exploit tools for operating systems, web browsers and various network and mobile devices, compromised banking information and stolen network information related to nuclear missile programs from countries like Russia, China and North Korea undefined.

In the beginning of September 2017, the fee for the dumps went from 100 ZCash to 500 ZCash, and the group announced they will sell all of the NSA dumps for an incredible 16 000 ZCash, which at the time of writing is more than $4 million undefined. It's hard to determine the success of this monthly service, but many believe it to be a safe guess that the group's service may start failing soon. If they continue to increase their prices so significantly, it's believed that the group will start losing potential buyers and there's also the possibility that the Shadow Brokers may be opening themselves up to cyber attacks from people who want the NSA tools but cannot afford them (or do not wish to pay the increased fees).

Additional Information
To date, the location, the identity and future plans of the Shadow Brokers remain a mystery. There are speculations that they may be based in Russia or the Middle-East as their fourth leak was believed to be in retaliation to Donald Trump's military attack on a Syrian airfield that was used in conjunction with Russian air forces. The group is also famous for the significantly poor grammar within its messages, however some believe this could be done deliberately as a minor additional attempt to mask their identities.

Their motives appear to be financial, and a somewhat strange combination of hacktivism and cyber-crime (leaning more towards the latter).