SoylentNews
SoylentNews is people
https://soylentnews.org/

MrPlow writes:

Submitted via IRC for SoyCow1

Despite early reports that there was no use of National Security Agency-developed exploits in this week's crypto-ransomware outbreak, research released by Cisco Talos suggests that the ransomware worm known as "Bad Rabbit" did in fact use a stolen Equation Group exploit revealed by Shadowbrokers to spread across victims' networks. The attackers used EternalRomance, an exploit that bypasses security over Server Message Block (SMB) file-sharing connections, enabling remote execution of instructions on Windows clients and servers. The code closely follows an open source Python implementation of a Windows exploit that used EternalRomance (and another Equation Group tool, EternalSynergy), leveraging the same methods revealed in the Shadowbrokers code release. NotPetya also leveraged this exploit.

Source: https://arstechnica.com/information-technology/2017/10/bad-rabbit-used-nsa-eternalromance-exploit-to-spread-researchers-say/

Original Submission

1. "MrPlow" - https://soylentnews.org/~MrPlow/
2. "Cisco Talos" - http://blog.talosintelligence.com/2017/10/bad-rabbit.html?m=1#more
3. "Bad Rabbit" - https://arstechnica.com/information-technology/2017/10/new-wave-of-data-encrypting-malware-crashes-through-russia-and-ukraine/
4. "Shadowbrokers" - https://arstechnica.com/information-technology/2017/04/nsa-leaking-shadow-brokers-just-dumped-its-most-damaging-release-yet/
5. "open source Python implementation of a Windows exploit" - https://github.com/worawit/MS17-010/blob/master/zzz_exploit.py
6. "NotPetya also leveraged this exploit" - https://arstechnica.com/information-technology/2017/06/notpetya-developers-obtained-nsa-exploits-weeks-before-their-public-leak/
7. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=23035

printed from SoylentNews, Bad Rabbit Used NSA “EternalRomance” Exploit to Spread, Researchers Say on 2026-01-24 21:07:51