EternalBlue is a exploit, that allows cyber threat actors to remotely execute arbitrary code and gain access to a network by sending specially drafted packets. it exploits a software vulnerability in Microsoft’s windows operating system (os) by Server Message Block (SMB).
EternalBlue is a Window exploit, created by the US National Security Agency (NSA) and used in the 2017, Wanna-Cry ransomware attack (“Wanna-Cry is a crypto-ransomware type, a malicious type of software used by attackers in the attempt to extort money from their victims just like any type of Crypto-ransomware”)
Eternal-Blue spoofs a Windows machine that hasn't been patched against a vulnerability in allowing illegal data packets into legitimate networks, these packets may contain malware such as Trojan ransomware or similar dangerous programs.
How Does Eternal-Blue work
The Server Massage Block First version (SMBv1) was first developed in early 1983 , as a network communication protocol , to enable shared access to files , printers and ports . The Eternal-Blue exploit works by taking advantage of SMBv1 (“Server Massage Block First Version”).
The exploits makes use of the way Microsoft window handles , or rathe mishandles , specially crafted packets from malicious attackers . All the attacker need to do is send a maliciously-crafted packet, to the target server and ,BOOM, the malware propagates and a cyber-attack ensues.
Who Leaked NSA Tools
The hackers used the agency’s EpMe exploits, (“EpMe,” one of four different privilege escalation exploits included in the Dander–Spritz attack framework , a post-exploitation used by the Equation Group. framework containing a range of tools for persistence, reconnaissance, lateral movement, and bypassing security devices”) years ago to attack windows devices. Shadow brokers leaked the agency’s zero-day arsenal online.
How was Eternal Blue stolen
The Eternal-Blue exploit was allegedly stolen, from the National Security Agency (NSA) in 2016, and leaked online on April 14, 2017, by a group known as Shadow Brokers . The exploit targets a vulnerability in Microsoft’s implementation of the Server Massage Block (SMB) protocol via port 445.