NSA ‘ETERNALBLUE’ TOOL FACILITATES CYBERATTACKS WORLDWIDE INCLUDING U.S. BY TZVI JOFFRE for JPost
series of cyberattacks throughout the world, including attacks targeting US municipalities, have been facilitated by a hacking tool known as “EternalBlue” which was formerly used by the National Security Agency (NSA), according to The New York Times.
EternalBlue was, at one time, one of the NSA’s most valuable and useful tools. Former NSA operators told The New York Times that analysts spent almost a year developing the tool to target a flaw in Microsoft’s software. The tool was used in countless intelligence-gathering and counter-terrorism missions.
Due to the usefulness of EternalBlue, the NSA didn’t seriously consider alerting Microsoft about the vulnerability until a breach gave them no choice.
EternalBlue was stolen by a group called the “Shadow Brokers” in 2016 and then released online in April 2017, according to welivesecurity. The Shadow Brokers have released many of the NSA’s most valuable and top secret tools to hackers worldwide.
To this day, it is still unknown who is behind the Shadow Brokers. It’s not even known if they hacked the NSA, if it was insider’s leak or both.
The arsenal of hacking tools that the Shadow Brokers acquired included tools to steal documents, subtly change data or become the launching pad for an attack, such as an infamous attack against Iran which caused centrifuges enriching uranium at the Natanz nuclear plant to self-destruct.
The Shadow Brokers incident is “the most destructive and costly NSA breach in history,” Thomas Rid, a cybersecurity expert at John Hopkins University told The New York Times.
The tools stolen by Shadow Brokers have already been used to attack millions of computers with ransomware demanding payments in digital currency in order to have access restored. The attacks have targeted FedEx, Mondelez International, and hospitals in Pennsylvania, Britain and Indonesia, among other thousands of other targets, according to the New York Times.