A new group of hackers emerged in August, motivated by money and going after big game. They called themselves the “Shadow Brokers,” and in their first introduction they started an auction promising to sell hacking tools stolen from the National Security Agency (NSA) to the highest bidder.
Posts from the Shadow Brokers raised broad speculation that the Russian government was behind it, but researchers may have unmasked the group. Rather than secretive government agents, or a sophisticated cybercrime syndicate, it may just be a hacker in Russia whose poor choice in an alias was his downfall.
An operative with BLACKOPS Cyber (BOC), a private intelligence company, was able to trace the origins of the Shadow Brokers to an account on VK, a popular European social network. The account belonged to a man in Kurgan, Russia, who goes by the first name Kirill.
Catching a Crook
The Shadow Brokers account has since gone quiet, and the account belonging to the Russian national believed to be behind it has since been deleted—and BOC may be the reason for both of these.
Soon after the Shadow Brokers made its debut, a BOC operative began following the case.
