Thursday , November 28 2024
Home / Mike Norman Economics / Sean Gallagher — Bad Rabbit used NSA “EternalRomance” exploit to spread, researchers say

Sean Gallagher — Bad Rabbit used NSA “EternalRomance” exploit to spread, researchers say

Summary:
Despite early reports that there was no use of National Security Agency-developed exploits in this week's crypto-ransomware outbreak, research released by Cisco Talos suggests that the ransomware worm known as "Bad Rabbit" did in fact use a stolen Equation Group exploit revealed by Shadowbrokers to spread across victims' networks. The attackers used EternalRomance, an exploit that bypasses security over Server Message Block (SMB) file-sharing connections, enabling remote execution of instructions on Windows clients and servers. The code closely follows an open source Python implementation of a Windows exploit that used EternalRomance (and another Equation Group tool, EternalSynergy), leveraging the same methods revealed in the Shadowbrokers code release. NotPetya also leveraged this

Topics:
Mike Norman considers the following as important: , , ,

This could be interesting, too:

Mike Norman writes State-Sponsored Commercial Espionage: The Global Theft of Ideas — Larry Romanoff

Mike Norman writes Alex Tabarrok — Iranian “CyberAttack” Threatens Elsevier Not USA

Mike Norman writes Publius Tacitus — Pieces of the Coup Puzzle Fall Into Place

Mike Norman writes Ray McGovern — Foxes in Charge of Intelligence Hen House

Despite early reports that there was no use of National Security Agency-developed exploits in this week's crypto-ransomware outbreak, research released by Cisco Talos suggests that the ransomware worm known as "Bad Rabbit" did in fact use a stolen Equation Group exploit revealed by Shadowbrokers to spread across victims' networks. The attackers used EternalRomance, an exploit that bypasses security over Server Message Block (SMB) file-sharing connections, enabling remote execution of instructions on Windows clients and servers. The code closely follows an open source Python implementation of a Windows exploit that used EternalRomance (and another Equation Group tool, EternalSynergy), leveraging the same methods revealed in the Shadowbrokers code release. NotPetya also leveraged this exploit....
Ars Technica 
Bad Rabbit used NSA “EternalRomance” exploit to spread, researchers say
Sean Gallagher, IT Editor
Mike Norman
Mike Norman is an economist and veteran trader whose career has spanned over 30 years on Wall Street. He is a former member and trader on the CME, NYMEX, COMEX and NYFE and he managed money for one of the largest hedge funds and ran a prop trading desk for Credit Suisse.

Leave a Reply

Your email address will not be published. Required fields are marked *