Despite early reports that there was no use of National Security Agency-developed exploits in this week's crypto-ransomware outbreak, research released by Cisco Talos suggests that the ransomware worm known as "Bad Rabbit" did in fact use a stolen Equation Group exploit revealed by Shadowbrokers to spread across victims' networks. The attackers used EternalRomance, an exploit that bypasses security over Server Message Block (SMB) file-sharing connections, enabling remote execution of instructions on Windows clients and servers. The code closely follows an open source Python implementation of a Windows exploit that used EternalRomance (and another Equation Group tool, EternalSynergy), leveraging the same methods revealed in the Shadowbrokers code release. NotPetya also leveraged this exploit....
Ars Technica
Bad Rabbit used NSA “EternalRomance” exploit to spread, researchers saySean Gallagher, IT Editor
No comments:
Post a Comment