PLATINUM COLONY
SUMMARY
In August 2016, an online persona going by the name of 'The ShadowBrokers' announced that it had obtained a series of stolen tools associated with Equation Group, and that it intended to auction them to the highest bidder. In 2017, after attempts to auction or directly sell the tools appeared to have failed, The ShadowBrokers publicly released a number of them. This culminated in April 2017 with the 'Lost in Translation' leak that included, among other things, the EternalBlue SMBv1 exploit weaponized by the WannaCry ransomware in May 2017.
Kaspersky identified a 'strong connection' between several hundred tools in The ShadowBrokers dump and malware they associate with Equation Group, a highly sophisticated threat group that they first reported on publicly in 2015 and that CTU researchers track as PLATINUM COLONY. Based on analysis of openly available information and of the tools dumped by The ShadowBrokers, CTU researchers assess with high confidence that PLATINUM COLONY conducts operations on behalf of the U.S. Government in support of national security objectives.