How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory.

A Chinese hacking group that has been using tools linked with the National Security Agency might have obtained at least one without breaching NSA systems, according to researchers at cybersecurity company Check Point. The Chinese hacking group APT3, which somehow had in its possession an NSA-linked tool in advance of public leaks in 2016 and 2017, appears to have acquired it by analyzing network traffic on a system that was potentially targeted by the NSA, Check Point says. The theory is that after observing the exploit in the wild, APT3 incorporated it into its own arsenal of attacks with some tweaks, the researchers say. “Check Point learned that the Chinese group was monitoring in-house machines that were compromised by the NSA, capturing the traffic of the attack and was leveraging it to reverse engineer the software vulnerabilities,” the researchers write. Check Point acknowledges that it “can’t prove this beyond any doubt.” The company says it does not know for sure […]

The post How did a Chinese APT get a U.S. hacking tool before it was leaked? Check Point has a theory. appeared first on CyberScoop.


Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them

In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA’s Equation Group almost a year before the mysterious Shadow Brokers group leaked…

Chinese hackers found and repurposed elite NSA-linked tools

A hacking group with ties to Chinese intelligence has been using tools linked to the National Security Agency as far back as March 2016, according to research from security firm Symantec. The tools include some released by the Shadow Brokers, a mysterious group that dumped computer exploits once used by the NSA on the open internet in April 2017. Symantec’s research suggests that the Chinese-linked group, which the company calls “Buckeye,” was using the same NSA-linked tools at least a year before they were publicly leaked. According to Symantec, one of the tools used by Buckeye was DoublePulsar, a backdoor implant that allows attackers to stealthily collect information and run malicious code on a target’s machine. DoublePulsar was used in conjunction with another tool, which Symantec calls Trojan.Bemstour, that took advantage of various Microsoft Windows vulnerabilities in order to secretly siphon information off targeted computers. The Trojan.Bemstour exploit allowed attackers […]

The post Chinese hackers found and repurposed elite NSA-linked tools appeared first on CyberScoop.


Satan ransomware adds EternalBlue exploit

Today, MalwareHunterTeam reached out to me about a possible new variant of Satan ransomware.
Satan ransomware itself has been around since January 2017 as reported by Bleeping Computer.
In this blog post we’ll analyse a new version of th…

Report: Second quarter dominated by ransomware outbreaks

The second quarter of 2017 left the security world wondering, “What the hell happened?” With leaks of government-created exploits being deployed against users in the wild, a continued sea of ransomware constantly threatening our ability to work online, and the lines between malware and potentially unwanted programs continuing to blur, every new incident was a wake-up call. In this report, we are going to discuss some of the most important trends, tactics, and attacks of Q2 2017, including an update on ransomware, what is going on with all these exploits, and a special look at all the breaches that happened this quarter.


The post Report: Second quarter dominated by ransomware outbreaks appeared first on Malwarebytes Labs.


All this EternalPetya stuff makes me WannaCry

Get more background on the EternalPetya ransomware. Learn about its origin, attribution, decryption, and the methods of infection and propagation.
Categories: Cybercrime, Malware
Tags: attribution, decryption, DoublePulsar, EternalBlue, EternalPetya, EternalRom…

Say Goodbye to SMBv1 in Windows Fall Creators Update

The SMBv1 file-sharing protocol abused by the NSA’s EternalBlue exploit to spread WannaCry ransomware is being disabled in the upcoming Windows Fall Creators Update, or Redstone 3.
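Hosts that are not yet on the Fall Creators Update still ship with SMBv1 enabled, so the practical question for an administrator is how to find out whether it is on, whether anything still depends on it, and how to turn it off. The following is an added example written for this page, not code from the linked article or from Microsoft; it uses only in-box cmdlets (Get-SmbServerConfiguration, Get-SmbSession, Get-WindowsOptionalFeature and their Set/Disable counterparts) that exist on Windows 10 and Server 2016, and is meant to be run from an elevated PowerShell session.

```powershell
# Added example: audit and disable SMBv1 on a single Windows host.
# Assumptions: Windows 10 / Server 2016, elevated session, in-box SMB and DISM cmdlets.

# 1. Is the SMBv1 server-side protocol still enabled?
$smb1Enabled = (Get-SmbServerConfiguration).EnableSMB1Protocol
Write-Host "SMB1 server protocol enabled: $smb1Enabled"

# 2. Is the SMB1Protocol optional feature (client and server binaries) installed?
#    On Server SKUs the same component is also visible as Get-WindowsFeature FS-SMB1.
$smb1Feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
Write-Host "SMB1Protocol feature state: $($smb1Feature.State)"

# 3. Which clients are currently talking SMB 1.x to this host? These break when it is removed.
#    Dialect is reported as a string such as "1.5", "2.1" or "3.1.1".
$legacySessions = Get-SmbSession | Where-Object { $_.Dialect -like '1.*' }
if ($legacySessions) {
    Write-Host "Active SMB1 sessions (fix these clients before disabling):"
    $legacySessions | Select-Object ClientComputerName, ClientUserName, Dialect | Format-Table
} else {
    Write-Host "No active SMB1 sessions."
}

# 4. Disable: stop serving SMB1 immediately, then remove the feature so the
#    client side goes away too. Feature removal completes after a reboot.
if ($smb1Enabled) {
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
}
if ($smb1Feature.State -eq 'Enabled') {
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

# 5. Confirm the server-side change took effect.
Write-Host "SMB1 server protocol enabled now: $((Get-SmbServerConfiguration).EnableSMB1Protocol)"
```

Step 3 is the caveat: SMBv1 is usually still on because some old printer, NAS or unpatched client speaks nothing newer, and those sessions stop working the moment it is disabled, so check them first. Removing SMBv1 takes away the transport EternalBlue rides on, but it is not a substitute for installing Microsoft's patch for the underlying flaw on hosts that must keep the protocol for a while.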