EternalBlue is an exploit that allows cyber threat actors to remotely execute arbitrary code and gain access to a network by sending specially crafted packets. It exploits a software vulnerability in the Server Message Block version 1 (SMBv1) protocol of Microsoft's Windows operating systems (OS); SMB is a network file-sharing protocol that allows access to files on a remote server.
This exploit potentially allows cyber threat actors to compromise an entire network and every device connected to it. Because of this, if one device is infected by malware via EternalBlue, every device on the network is at risk. That makes recovery difficult, as all devices on the network may have to be taken offline for remediation. The vulnerability has been patched and is listed in Microsoft's security bulletin as MS17-010.

Malware that uses EternalBlue can self-propagate across networks, drastically increasing its impact. For example, WannaCry, a crypto-ransomware, was one of the first and best-known malware families to use this exploit to spread: it uses EternalBlue to copy itself across the network, infecting every connected device and dropping the ransomware payload. This increased the persistence and the damage WannaCry could cause in a short amount of time, and it has made EternalBlue popular with other malware, such as Trickbot, a modular banking trojan, and CoinMiner and WannaMine, crypto miners that use the exploit to gain access to computing power for mining cryptocurrencies.
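As an added, defender-side example (not from the original article and not Microsoft's own code): a PowerShell script that reports whether SMBv1 is still enabled on a Windows host, turns on SMB1 access auditing so that legacy clients can be identified before the protocol is switched off, and then disables SMBv1. It assumes an elevated session on Windows 8.1 / Server 2012 R2 or later with the SmbShare and DISM modules available; the audit log name `Microsoft-Windows-SMBServer/Audit`, event ID 3000 and the position of the client-address field are taken from my own knowledge of those cmdlets and events, not from the page. Disabling SMBv1 is a mitigation alongside the MS17-010 update, not a replacement for it.

```powershell
#Requires -RunAsAdministrator
# Added example (not the article's or Microsoft's code): audit, log and disable SMBv1.
# Assumes Windows 8.1 / Server 2012 R2 or later with the SmbShare and DISM modules.

function Get-Smb1Status {
    # Server-side SMBv1 switch (SmbShare module).
    $server = Get-SmbServerConfiguration
    # Optional-feature state (DISM); the feature may not exist on some SKUs.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        Smb1ServerEnabled = $server.EnableSMB1Protocol
        Smb1FeatureState  = if ($feature) { $feature.State } else { 'Unknown' }
        Smb1AuditEnabled  = $server.AuditSmb1Access
    }
}

function Enable-Smb1Audit {
    # With auditing on, every SMB1 session the server accepts is written as
    # event ID 3000 to the Microsoft-Windows-SMBServer/Audit log, including
    # the client address, so legacy clients can be found before SMB1 is removed.
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
}

function Get-Smb1Clients {
    param([int]$Days = 7)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue |
        # Assumption: the first property of event 3000 is the client address.
        ForEach-Object { $_.Properties[0].Value } |
        Group-Object | Sort-Object Count -Descending |
        Select-Object @{ n = 'ClientAddress'; e = { $_.Name } }, Count
}

function Disable-Smb1 {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Disable SMBv1 server protocol')) {
        # Stop the SMB server from negotiating the SMB1 dialect at all.
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # Remove the optional feature where it exists; no automatic reboot.
        if (Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue) {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
    }
}

# Usage:
#   Get-Smb1Status            # current state of SMBv1 on this host
#   Enable-Smb1Audit          # start logging SMB1 sessions ...
#   Get-Smb1Clients -Days 7   # ... review which clients still need it
#   Disable-Smb1 -WhatIf      # dry run, then repeat without -WhatIf
```

The audit step matters in practice: hosts that still negotiate SMB1 (old printers, NAS appliances, unpatched embedded systems) are exactly the ones that EternalBlue-based worms reach, so the event data both drives the cleanup and serves as a detection feed until SMBv1 is gone.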
Ishu