In a rambling blog post in bad English — something that has become its trademark — Shadow Brokers also warned that there would be more dumps of exploits to come, advising those who were interested to expect an announcement in June.
Last year Shadow Brokers put up a number of hacking tools for sale, all of which it claimed to have stolen from The Equation Group.
Later the same year, Shadow Brokers released a list of what it said were servers that had been compromised by the NSA and used for attacking targets of the agency's choice.
"In January theshadowbrokers is deciding to show screenshots of lost theequationgroup 2013 Windows Ops Disk. TheShadowBrokers is knowing if showing screenshots, then vulnerabilities is being reported by theequationgroup to Microsoft and is being patched," the group wrote.
And in a reference to Microsoft preident and chief legal officer Brad Smith, Shadow Brokers wrote: "Despite what scumbag Microsoft Lawyer is wanting the peoples to be believing, Microsoft is being BFF with theequationgroup. Microsoft and theequationgroup is having very very large enterprise contracts millions or billions of USD each year."
Smith has slammed the CIA and NSA for stockpiling software exploits.
"TheEquationGroup is having spies inside Microsoft and other US technology companies. Unwitting HUMINT. TheEquationGroup is having former employees working in high-up security jobs at US Technology companies. Witting HUMINT.
"Russian, China, Iran, Israel intelligence all doing same at global tech companies. TheShadowBrokers is thinking Google Project Zero is having some former TheEquationGroup member. Project Zero recently releasing 'Wormable Zero-Day' Microsoft patching in record time, knowing it was coming? coincidence?" the group wrote.
Shadow Brokers said it would announce a monthly subscription model in June, with "TheShadowBrokers Data Dump of the Month" service.
It said these dumps would include:
- Web browser, router, handset exploits and tools;
- Select items from newer Ops Disks, including newer exploits for Windows 10;
- Compromised network data from more SWIFT providers and Central banks; and
- Compromised network data from Russian, Chinese, Iranian, or North Korean nukes and missile programmes.