EternalBlue Tied to Recent Ransomware Attacks on U.S. Cities

Unknown: New reports have surfaced which claim that the stolen NSA hacking tool EternalBlue has been used in multiple recent ransomware attacks on cities in the United States. So far, the only attacks which have been openly tied to the use of EternalBlue are the attacks on Allentown, PA and San Antonio, TX last year and the ongoing attack on the city of Baltimore, MD. Following the breach of the NSA’s Tailored Access Operations, many feared that the tools which were designed for use against U.S. adversaries would be used to damage the United States. Since the breach, EternalBlue has been found in a number of attacks, including those on the U.K.’s National Health Service. Hackers from Russia, North Korea and, recently, China, as well as a number of cyber-criminals, have all been found to be utilizing EternalBlue since the breach. It is currently unknown who is behind the ransomware campaigns on U.S. cities, especially the attack on Baltimore, which has been ongoing for more than three weeks now.

Analyst Notes

With the wide release of the NSA’s cache of hacking tools, it is unlikely we will see an end to the use of tools like EternalBlue anytime soon