EternalBlue

EternalBlue is a computer exploit developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on April 14, 2017, one month after Microsoft released patches for the vulnerability.

Eternal Exploit
Common name: Eternal
Technical name: Trojan:Win32/EternalBlue (Microsoft)
  • Rocks Variant
    • TrojanDownloader:Win32/Eterock.[Letter] (Microsoft)
    • W32.Eternalrocks (Symantec)
    • TROJ_ETEROCK.[Letter] (Trend Micro)
    • Mal/Eterocks-[Letter] (Sophos)
    • Troj/Eterocks-[Letter] (Sophos)
  • Synergy Variant
    • Win32/Exploit.Equation.EternalSynergy (ESET)
Type: Exploit
Author(s): Equation Group
Operating system(s) affected: Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000, Windows XP, Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2003, Windows Server 2003 R2, Windows Server 2012, Windows Server 2016

On May 12, 2017, the worldwide WannaCry ransomware used this exploit to attack unpatched computers. On June 27, 2017, the exploit was again used to help carry out the 2017 NotPetya cyberattack on more unpatched computers.

The exploit was also reported to have been used since March 2016 by the Chinese hacking group Buckeye (APT3), after they likely found and re-purposed the tool. It was also reported to have been used as part of the Retefe banking trojan since at least September 5, 2017.

EternalBlue was among the several exploits used, in conjunction with the DoublePulsar backdoor implant tool, in executing the 2017 WannaCry attacks.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.