Tuesday, March 5, 2024

Mass Scan Revealed More Than 30000 Windows Computers Infected by NSA backdoor DoublePulsar

[jpshare] A Recent Mass Scan Revealed That More than 30000 Windows Machine Infected  by National Security Agency  Backdoor DOUBLEPULSAR .DOUBLEPULSAR one of the NSA hacking tools leaked last Friday by the Shadow Brokers .

This Mass Scan was performed in the course of recent days by Security Researchers  from Binary Edge, a Security firm headquartered in Switzerland.

The NSA Tool Called DOUBLEPULSAR that is designed to provide covert, backdoor access to a Windows system, have been immediately received by Attackers .

According to researchers ,Once installed, DOUBLEPULSAR  waits for certain types of data to be sent over port 445. When DOUBLEPULSAR  arrives, the implant provides a distinctive response.

security expert Matthew Hickey Said , DOUBLEPULSAR is a “multi-version kernel mode payload!” Also known as “malware downloader” which  downloading more potent malware executables on infected hosts.

Scanned More Than 107,000 Computers:

NSA implant is code-named ,DOUBLEPULSAR scanned still Now more than 107,000 Computers by Binary Edge .

Another scan don e by security firm Errata Security CEO Rob Graham  and another by researchers from Below0day  and Find Roughly 41,000 and 30,000 infected machines.

Over the past 24 hours—as additional scans have continued to detect between 30,000 and 60,000 infections

SMB exploits with DOUBLEPULSAR:

The exploits targeting SMB (Server Message Block) and NetBIOS protocol

SMB is a network file sharing protocol that allows applications on a computer to read and write (in)to files and request services from server programs in a computer network.

Security Researcher Rik van Duijn from DearBytes Explained a PoC ,“The DoublePulsar backdoor allows to inject and run any DLL (Dynamic Link Library), that way compromising the computer and using it for whatever purpose.

It is basically the default way computers are remotely managed in any environment, so a vulnerability in has huge impact.

It is installed using the ETERNALBLUE exploit that attacks SMB file-sharing services on Windows XP to Server 2008 R2.

That means to compromise a computer, it must be running a vulnerable version of Windows and expose an SMB service to the attacker.

Also Read :


Latest articles

US Court Orders NSO Group to Handover Code for Spyware, Pegasus to WhatsApp

Meta, the company that owns WhatsApp, filed a lawsuit against NSO Group in 2019....

New SSO-Based Phishing Attack Trick Users into Sharing Login Credentials  

Threat actors employ phishing scams to trick individuals into giving away important details like...

U.S. Charged Iranian Hacker, Rewards up to $10 Million

The United States Department of Justice (DoJ) has charged an Iranian national, Alireza Shafie...

Huge Surge in Ransomware-as-a-Service Attacks targeting Middle East & Africa

The Middle East and Africa (MEA) region has witnessed a surge in ransomware-as-a-service (RaaS)...

New Silver SAML Attack Let Attackers Forge Any SAML Response To Entra ID

SolarWinds cyberattack was one of the largest attacks of the century in which attackers...

AI Worm Developed by Researchers Spreads Automatically Between AI Agents

Researchers have developed what they claim to be one of the first generative AI...

20 Million+ Cutout.Pro User Records Leaked On Hacking Forums

CutOut.Pro, an AI-powered photo and video editing platform, has reportedly suffered a data breach,...
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Live Account Takeover Attack Simulation

Live Account Take Over Attack

Live Webinar on How do hackers bypass 2FA ,Detecting ATO attacks, A demo of credential stuffing, brute force and session jacking-based ATO attacks, Identifying attacks with behaviour-based analysis and Building custom protection for applications and APIs.

Related Articles