Thursday, March 28, 2024

Mass Scan Revealed More Than 30000 Windows Computers Infected by NSA backdoor DoublePulsar

[jpshare] A Recent Mass Scan Revealed That More than 30000 Windows Machine Infected  by National Security Agency  Backdoor DOUBLEPULSAR .DOUBLEPULSAR one of the NSA hacking tools leaked last Friday by the Shadow Brokers .

This Mass Scan was performed in the course of recent days by Security Researchers  from Binary Edge, a Security firm headquartered in Switzerland.

The NSA Tool Called DOUBLEPULSAR that is designed to provide covert, backdoor access to a Windows system, have been immediately received by Attackers .

According to researchers ,Once installed, DOUBLEPULSAR  waits for certain types of data to be sent over port 445. When DOUBLEPULSAR  arrives, the implant provides a distinctive response.

security expert Matthew Hickey Said , DOUBLEPULSAR is a “multi-version kernel mode payload!” Also known as “malware downloader” which  downloading more potent malware executables on infected hosts.

Scanned More Than 107,000 Computers:

NSA implant is code-named ,DOUBLEPULSAR scanned still Now more than 107,000 Computers by Binary Edge .

Another scan don e by security firm Errata Security CEO Rob Graham  and another by researchers from Below0day  and Find Roughly 41,000 and 30,000 infected machines.

Over the past 24 hours—as additional scans have continued to detect between 30,000 and 60,000 infections

SMB exploits with DOUBLEPULSAR:

The exploits targeting SMB (Server Message Block) and NetBIOS protocol

SMB is a network file sharing protocol that allows applications on a computer to read and write (in)to files and request services from server programs in a computer network.

Security Researcher Rik van Duijn from DearBytes Explained a PoC ,“The DoublePulsar backdoor allows to inject and run any DLL (Dynamic Link Library), that way compromising the computer and using it for whatever purpose.

It is basically the default way computers are remotely managed in any environment, so a vulnerability in has huge impact.

It is installed using the ETERNALBLUE exploit that attacks SMB file-sharing services on Windows XP to Server 2008 R2.

That means to compromise a computer, it must be running a vulnerable version of Windows and expose an SMB service to the attacker.

Also Read :

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles