by Summary:
Despite early reports that there was no use of National Security Agency-developed exploits in this week's crypto-ransomware outbreak, research released by Cisco Talos suggests that the ransomware worm known as "Bad Rabbit" did in fact use a stolen Equation Group exploit revealed by Shadowbrokers to spread across victims' networks. The attackers used EternalRomance, an exploit that bypasses security over Server Message Block (SMB) file-sharing connections, enabling remote execution of instructions on Windows clients and servers. The code closely follows an open source Python implementation of a Windows exploit that used EternalRomance (and another Equation Group tool, EternalSynergy), leveraging the same methods revealed in the Shadowbrokers code release. NotPetya also leveraged this
Topics:
Mike Norman considers the following as important: Bad Rabbit, cyber hacking, NSA, ransomware
This could be interesting, too:
Despite early reports that there was no use of National Security Agency-developed exploits in this week's crypto-ransomware outbreak, research released by Cisco Talos suggests that the ransomware worm known as "Bad Rabbit" did in fact use a stolen Equation Group exploit revealed by Shadowbrokers to spread across victims' networks. The attackers used EternalRomance, an exploit that bypasses security over Server Message Block (SMB) file-sharing connections, enabling remote execution of instructions on Windows clients and servers. The code closely follows an open source Python implementation of a Windows exploit that used EternalRomance (and another Equation Group tool, EternalSynergy), leveraging the same methods revealed in the Shadowbrokers code release. NotPetya also leveraged this
Topics:
Mike Norman considers the following as important: Bad Rabbit, cyber hacking, NSA, ransomware
This could be interesting, too:
Mike Norman writes State-Sponsored Commercial Espionage: The Global Theft of Ideas — Larry Romanoff
Mike Norman writes Alex Tabarrok — Iranian “CyberAttack” Threatens Elsevier Not USA
Mike Norman writes Publius Tacitus — Pieces of the Coup Puzzle Fall Into Place
Mike Norman writes Ray McGovern — Foxes in Charge of Intelligence Hen House
Despite early reports that there was no use of National Security Agency-developed exploits in this week's crypto-ransomware outbreak, research released by Cisco Talos suggests that the ransomware worm known as "Bad Rabbit" did in fact use a stolen Equation Group exploit revealed by Shadowbrokers to spread across victims' networks. The attackers used EternalRomance, an exploit that bypasses security over Server Message Block (SMB) file-sharing connections, enabling remote execution of instructions on Windows clients and servers. The code closely follows an open source Python implementation of a Windows exploit that used EternalRomance (and another Equation Group tool, EternalSynergy), leveraging the same methods revealed in the Shadowbrokers code release. NotPetya also leveraged this exploit....
Ars Technica
Bad Rabbit used NSA “EternalRomance” exploit to spread, researchers saySean Gallagher, IT Editor