Monday, April 28, 2025

Mass Scan Revealed More Than 30000 Windows Computers Infected by NSA backdoor DoublePulsar


A recent mass scan revealed that more than 30,000 Windows machines are infected with the National Security Agency backdoor DOUBLEPULSAR. DOUBLEPULSAR is one of the NSA hacking tools leaked last Friday by the Shadow Brokers.

The mass scan was performed over recent days by security researchers from Binary Edge, a security firm headquartered in Switzerland.

The NSA tool DOUBLEPULSAR, designed to provide covert backdoor access to a Windows system, was immediately picked up by attackers.


According to researchers, once installed, DOUBLEPULSAR waits for certain types of data to be sent over port 445. When that data arrives, the implant provides a distinctive response.
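The "distinctive response" described above is what public DoublePulsar detection scripts key on: a Trans2 SESSION_SETUP probe sent with SMB Multiplex ID 0x41 is answered by an implanted host with Multiplex ID 0x51 (the probe's MID plus 0x10), while a clean Windows host simply echoes 0x41. The Python below is an added example, not code from this article or from Binary Edge. It parses the NetBIOS and SMBv1 headers of responses already recorded from a port-445 sweep and classifies each host; the fingerprint values are taken from that published detection approach, the sample responses are constructed fixtures, and the code does no network I/O.

```python
"""Classify recorded SMBv1 responses for the published DOUBLEPULSAR 'ping' fingerprint."""
import struct
from dataclasses import dataclass

NBSS_HEADER_LEN = 4          # NetBIOS Session Service header
SMB_HEADER_LEN = 32          # fixed-size SMBv1 header
SMB_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32

# Fingerprint used by public detection tooling (assumption stated in the lead-in):
# the probe is a Trans2 SESSION_SETUP with Multiplex ID 0x41; an implanted host
# answers with the MID raised by 0x10, a clean host echoes the MID it received.
PROBE_MID = 0x41
IMPLANT_MID_DELTA = 0x10


@dataclass(frozen=True)
class SmbHeader:
    command: int
    status: int
    flags: int
    flags2: int
    tid: int
    pid: int
    uid: int
    mid: int


def parse_smb_response(raw: bytes) -> SmbHeader:
    """Parse the NetBIOS + SMBv1 header of one TCP/445 response; raise on malformed input."""
    if len(raw) < NBSS_HEADER_LEN + SMB_HEADER_LEN:
        raise ValueError("response too short for an SMB header")
    if raw[0] != 0x00:                       # 0x00 = NetBIOS session message
        raise ValueError("not a NetBIOS session message")
    declared = int.from_bytes(raw[1:4], "big")
    if declared != len(raw) - NBSS_HEADER_LEN:
        raise ValueError("NetBIOS length does not match payload")
    smb = raw[NBSS_HEADER_LEN:NBSS_HEADER_LEN + SMB_HEADER_LEN]
    if smb[:4] != SMB_MAGIC:
        raise ValueError("missing SMB magic")
    command = smb[4]
    (status,) = struct.unpack_from("<I", smb, 5)
    flags = smb[9]
    (flags2,) = struct.unpack_from("<H", smb, 10)
    # bytes 12..23 are PIDHigh, SecuritySignature and Reserved; not needed here
    tid, pid, uid, mid = struct.unpack_from("<HHHH", smb, 24)
    return SmbHeader(command, status, flags, flags2, tid, pid, uid, mid)


def classify_trans2_response(raw: bytes, probe_mid: int = PROBE_MID) -> str:
    """Return 'implant', 'clean', 'unexpected-command' or 'unknown' for one response."""
    hdr = parse_smb_response(raw)
    if hdr.command != SMB_COM_TRANSACTION2:
        return "unexpected-command"
    if hdr.mid == probe_mid + IMPLANT_MID_DELTA:
        return "implant"
    if hdr.mid == probe_mid:
        return "clean"
    return "unknown"


def build_smb_response(command: int, status: int, mid: int,
                       tid: int = 0x0800, pid: int = 0xFEFF, uid: int = 0x0800) -> bytes:
    """Construct a minimal SMBv1 response (test fixture, not a captured packet)."""
    header = (SMB_MAGIC + bytes([command]) + struct.pack("<I", status)
              + bytes([0x98])                 # Flags: reply, case-insensitive, canonical paths
              + struct.pack("<H", 0xC807)     # Flags2: typical server response bits
              + struct.pack("<H", 0)          # PIDHigh
              + bytes(8) + bytes(2)           # SecuritySignature, Reserved
              + struct.pack("<HHHH", tid, pid, uid, mid))
    body = b"\x00" + b"\x00\x00"              # WordCount 0, ByteCount 0
    payload = header + body
    return b"\x00" + len(payload).to_bytes(3, "big") + payload


# Constructed samples standing in for responses recorded during a port-445 sweep.
SAMPLE_RESPONSES = {
    "10.0.0.5": build_smb_response(SMB_COM_TRANSACTION2, 0xC0000002, mid=PROBE_MID),  # STATUS_NOT_IMPLEMENTED, MID echoed
    "10.0.0.9": build_smb_response(SMB_COM_TRANSACTION2, 0x00000000, mid=PROBE_MID + IMPLANT_MID_DELTA),
    "10.0.0.12": build_smb_response(0x73, 0x00000000, mid=PROBE_MID),  # Session Setup AndX, not a Trans2 reply
}


def triage(responses: dict) -> dict:
    """Map each host to a verdict; malformed or truncated responses become 'malformed'."""
    verdicts = {}
    for host, raw in responses.items():
        try:
            verdicts[host] = classify_trans2_response(raw)
        except ValueError:
            verdicts[host] = "malformed"
    return verdicts


if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_RESPONSES).items():
        print(f"{host:<12} {verdict}")
```

Feed `triage` the raw responses captured by whatever probe tooling is in use and treat an `implant` verdict as a confirmed compromise rather than a vulnerability finding: the MID shift only appears once the kernel payload is resident, so such a host needs incident response, not just patching.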

Security expert Matthew Hickey said DOUBLEPULSAR is a “multi-version kernel mode payload!”, also known as a “malware downloader”, which downloads more potent malware executables onto infected hosts.

Scanned More Than 107,000 Computers:

Binary Edge has so far scanned more than 107,000 computers for the NSA implant code-named DOUBLEPULSAR.

Another scan, run by Errata Security CEO Rob Graham, and a further one by researchers from Below0day found roughly 41,000 and 30,000 infected machines respectively.

Over the past 24 hours, additional scans have continued to detect between 30,000 and 60,000 infections.

SMB exploits with DOUBLEPULSAR:

The exploits target the SMB (Server Message Block) and NetBIOS protocols.

SMB is a network file-sharing protocol that allows applications on a computer to read and write files and to request services from server programs across a network.

Security researcher Rik van Duijn from DearBytes explained in a PoC: “The DoublePulsar backdoor allows injecting and running any DLL (Dynamic Link Library), that way compromising the computer and using it for whatever purpose.

It is basically the default way computers are remotely managed in any environment, so a vulnerability in it has huge impact.

It is installed using the ETERNALBLUE exploit that attacks SMB file-sharing services on Windows XP to Server 2008 R2.

That means to compromise a computer, it must be running a vulnerable version of Windows and expose an SMB service to the attacker.


Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
