Experts are warning that new malware employs 7 NSA exploits. The cyber exploits purportedly stolen from the US National Security Agency (NSA) have been identified in ‘EternalRocks’, a new type of malware detected by a Croatian tech security advisor. The worm utilizes DoublePulsar, Architouch and SMBtouch, a series of tools released in an apparent NSA leak by hacking group ShadowBrokers.
RT reports that, similar to the WannaCry malware which struck hundreds of thousands of computers worldwide this month, EternalRocks apparently draws on NSA-identified network exploits EternalBlue, EternalChampion, EternalRomance, and EternalSynergy.
The virus’s characteristics were identified by Miroslav Stampar, a Croatian security expert for the country’s Computer Emergency Response Team (CERT). He is also listed as a Croatian chapter member of the Honeynet Project, a volunteer network for “security research.”
In a breakdown published online, Stampar outlines how the “cyberweapon” downloads in two separate stages, with the second running 24 hours later to avoid detection.
“After about six to eight hours of analysis, I found how to provoke the second stage,” said Stampar when contacted by RT.com. “I got kind of excited and scared as somebody had successfully, and professionally, packed all SMB exploits from ShadowBroker’s dump.
“I predicted that something bigger than WannaCry is coming,” he added.
Stampar explains that EternalRocks sits anonymously on the target device, but can be activated later for more malicious purposes: “Its sole purpose at this moment is propagation and waiting for further command and control updates. As I see it, it is a prelude,” he said. Microsoft was forced to patch discontinued operating systems earlier this month after WannaCry exploited vulnerabilities in its software.
RT copy / TRUNEWS summary.