Friday, June 14, 2024

Mass Scan Revealed More Than 30000 Windows Computers Infected by NSA backdoor DoublePulsar

[jpshare] A Recent Mass Scan Revealed That More than 30000 Windows Machine Infected  by National Security Agency  Backdoor DOUBLEPULSAR .DOUBLEPULSAR one of the NSA hacking tools leaked last Friday by the Shadow Brokers .

This Mass Scan was performed in the course of recent days by Security Researchers  from Binary Edge, a Security firm headquartered in Switzerland.

The NSA Tool Called DOUBLEPULSAR that is designed to provide covert, backdoor access to a Windows system, have been immediately received by Attackers .

According to researchers ,Once installed, DOUBLEPULSAR  waits for certain types of data to be sent over port 445. When DOUBLEPULSAR  arrives, the implant provides a distinctive response.

security expert Matthew Hickey Said , DOUBLEPULSAR is a “multi-version kernel mode payload!” Also known as “malware downloader” which  downloading more potent malware executables on infected hosts.

Scanned More Than 107,000 Computers:

NSA implant is code-named ,DOUBLEPULSAR scanned still Now more than 107,000 Computers by Binary Edge .

Another scan don e by security firm Errata Security CEO Rob Graham  and another by researchers from Below0day  and Find Roughly 41,000 and 30,000 infected machines.

Over the past 24 hours—as additional scans have continued to detect between 30,000 and 60,000 infections

SMB exploits with DOUBLEPULSAR:

The exploits targeting SMB (Server Message Block) and NetBIOS protocol

SMB is a network file sharing protocol that allows applications on a computer to read and write (in)to files and request services from server programs in a computer network.

Security Researcher Rik van Duijn from DearBytes Explained a PoC ,“The DoublePulsar backdoor allows to inject and run any DLL (Dynamic Link Library), that way compromising the computer and using it for whatever purpose.

It is basically the default way computers are remotely managed in any environment, so a vulnerability in has huge impact.

It is installed using the ETERNALBLUE exploit that attacks SMB file-sharing services on Windows XP to Server 2008 R2.

That means to compromise a computer, it must be running a vulnerable version of Windows and expose an SMB service to the attacker.

Also Read :

Website

Latest articles

Sleepy Pickle Exploit Let Attackers Exploit ML Models And Attack End-Users

Hackers are targeting, attacking, and exploiting ML models. They want to hack into these...

SolarWinds Serv-U Vulnerability Let Attackers Access sensitive files

SolarWinds released a security advisory for addressing a Directory Traversal vulnerability which allows a...

Smishing Triad Hackers Attacking Online Banking, E-Commerce AND Payment Systems Customers

Hackers often attack online banking platforms, e-commerce portals, and payment systems for illicit purposes.Resecurity...

Threat Actor Claiming Leak Of 5 Million Ecuador’s Citizen Database

A threat actor has claimed responsibility for leaking the personal data of 5 million...

Ascension Hack Caused By an Employee Who Downloaded a Malicious File

Ascension, a leading healthcare provider, has made significant strides in its investigation and recovery...

AWS Announced Malware Detection Tool For S3 Buckets

Amazon Web Services (AWS) has announced the general availability of Amazon GuardDuty Malware Protection...

Hackers Exploiting MS Office Editor Vulnerability to Deploy Keylogger

Researchers have identified a sophisticated cyberattack orchestrated by the notorious Kimsuky threat group.The...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles