EternalBlue

Eternal - Anonymous
Technical name: Trojan:Win32/EternalBlue (Microsoft)[1]
  • Rocks Variant
  • Synergy Variant
    • Win32/Exploit.Equation.EternalSynergy (ESET)[4]
Type: Exploit
Authors: Equation Group
Technical details
Platform: Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2012, Windows Server 2016

EternalBlue[5] is computer exploit software developed by the U.S. National Security Agency (NSA).[6] It is based on a vulnerability in Microsoft Windows that allowed users to gain access to any number of computers connected to a network. The NSA knew about this vulnerability but did not disclose it to Microsoft for several years, since they planned to use it as a defense mechanism against cyber attacks. In 2017, the NSA discovered that the software was stolen by a group of hackers known as the Shadow Brokers. Microsoft was informed of this and released security updates in March 2017 patching the vulnerability. While this was happening, the hacker group attempted to auction off the software, but did not succeed in finding a buyer. EternalBlue was then publicly released on April 14, 2017.[citation needed]

On May 12, 2017, a computer worm in the form of ransomware, nicknamed WannaCry, used the EternalBlue exploit to attack computers using Windows that had not received the latest system updates removing the vulnerability.[5][7][8][9][10][11]: 1 On June 27, 2017, the exploit was again used to help carry out the 2017 NotPetya cyberattack on more vulnerable computers.[12]

The exploit was also reported to have been used since March 2016 by the Chinese hacking group Buckeye (APT3), after they likely found and re-purposed the software,[11]: 1 and to have been used as part of the Retefe banking trojan since at least September 5, 2017.[13]

  1. "Trojan:Win32/EternalBlue threat description - Microsoft Security Intelligence". www.microsoft.com.
  2. "TrojanDownloader:Win32/Eterock.A threat description - Microsoft Security Intelligence". www.microsoft.com.
  3. "TROJ_ETEROCK.A - Threat Encyclopedia - Trend Micro USA". www.trendmicro.com.
  4. "Win32/Exploit.Equation.EternalSynergy.A | ESET Virusradar". www.virusradar.com.
  5. Goodin, Dan (April 14, 2017). "NSA-leaking Shadow Brokers just dumped its most damaging release yet". Ars Technica. p. 1. Retrieved May 13, 2017.
  6. Nakashima, Ellen; Timberg, Craig (May 16, 2017). "NSA officials worried about the day its potent hacking tool would get loose. Then it did". Washington Post. ISSN 0190-8286. Retrieved December 19, 2017.
  7. Fox-Brewster, Thomas (May 12, 2017). "An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak". Forbes. p. 1. Retrieved May 13, 2017.
  8. Goodin, Dan (May 12, 2017). "An NSA-derived ransomware worm is shutting down computers worldwide". Ars Technica. p. 1. Retrieved May 13, 2017.
  9. Ghosh, Agamoni (April 9, 2017). "'President Trump what the f**k are you doing' say Shadow Brokers and dump more NSA hacking tools". International Business Times UK. Retrieved April 10, 2017.
  10. "'NSA malware' released by Shadow Brokers hacker group". BBC News. April 10, 2017. Retrieved April 10, 2017.
  11. Cite error: The named reference Wired_5-7 was invoked but never defined.
  12. Perlroth, Nicole; Scott, Mark; Frenkel, Sheera (June 27, 2017). "Cyberattack Hits Ukraine Then Spreads Internationally". The New York Times. p. 1. Retrieved June 27, 2017.
  13. "EternalBlue Exploit Used in Retefe Banking Trojan Campaign". Threatpost. Retrieved September 26, 2017.