An amazing revelation has been uncovered. All hackers, crypto-miners and Ransomware affiliates alike, have one thing in common. Though their methods and end-goals may vary, they have all made use of a leaked National Security Agency (NSA) hacking tool called EternalBlue. What exactly does this hacking tool do?

 

EternalBlue is the name of a software vulnerability in Microsoft’s Windows operating system and is also an exploit the National Security Agency developed to adapt the bug for use as a weapon. The exploit leaked to the public in April 2017. The tool exploits vulnerabilities in the Windows Server Message Block. Once they have their foot in the door of the initial target device, they can then spread across a network.

The versatility of the tool has made it an appealing workhorse for hackers. And though WannaCry raised EternalBlue’s profile, many attackers had already realised the exploit’s potential by then. Even a year after Microsoft issued a patch, attackers still relied on the EternalBlue exploit to target victims, because so many machines remain defenseless to this day.

At this point, EternalBlue has fully transitioned into one of the ever-present, popular instruments in every hacker’s toolbox. EternalBlue will be a go-to tool for attackers for years to come.

 

New examples of EternalBlue’s use in the online realm pop up frequently. It will be years before enough computers are patched against EternalBlue that hackers stop using it. At least by now security experts know to watch for it—and to appreciate the clever innovations hackers come up with to use the exploit in more and more types of attacks.