RT | Jun 27, 2017
If you're a journalist writing about this, remember this worm spreads based on a vulnerability NSA kept unfixed for years. #EternalBlue https://t.co/9Eb4agkRsp — Edward Snowden (@Snowden) June 27, 2017
Symantec confirms global #Petya ransomware attack hitting computers today (hospitals, supermarkets, banks) uses NSA's #ETERNALBLUE exploit. pic.twitter.com/wDuHoRcFCr — Edward Snowden (@Snowden) June 27, 2017
Symantec analysts have confirmed #Petya #ransomware, like #WannaCry, is using #EternalBlue exploit to spread — Security Response (@threatintel) June 27, 2017
Listen, people can disagree on surveillance. But when @NSAGov's focus on offense over defense shuts down US hospitals, it's time to act. https://t.co/4LL0CHFKOO — Edward Snowden (@Snowden) June 27, 2017
How many times does @NSAGov's development of digital weapons have to result in harm to civil infrastructure before there is accountability? https://t.co/VOu28Ce9ee — Edward Snowden (@Snowden) June 27, 2017
The NSA’s hacking team, Equation Group (or Tailored Access Operations), lost control of its trove of hacking exploits and, last August, a group calling themselves the Shadow Brokers announced it had access to those tools.
In April, the group released some of the tools, which were verified by Snowden and The Intercept. The release included an exploit called EternalBlue, which uses a Microsoft Windows Server Message Block (SMB) vulnerability to access computer systems.
The NSA had discovered a vulnerability in Microsoft Windows software and chose to keep it open for years, instead of telling Microsoft, so it could use it to its advantage.
The Equation Group then created or purchased the EternalBlue malicious code. An NSA source told the WP that using EternalBlue was “like fishing with dynamite.”
‘Like letting Tomahawk missiles get stolen’: #Microsoft slams #NSA mishandling of exploits https://t.co/e8jUjtS2Ln #WannaCry pic.twitter.com/HIeokpc7gm — RT (@RT_com) May 14, 2017
According to the Shadow Brokers, it released a screenshot from the Equation Group’s lost disk of tools in January, with the understanding that the Equation Group would then tell Microsoft and the vulnerability would be patched.
EternalBlue was used in the WannaCry global ransomware attack in May. The malicious code was combined with code that allowed it to spread quickly.