Wednesday, 20 September 2017

‘Beautiful’ NSA hacking tool DoublePulsar infects roughly 200,000 Windows PCs

Tools presumably developed by the US National Security Agency (NSA) and leaked early this month by the Shadow Brokers hacking group are being used in attacks on Windows PCs.

The tools, released to the open-source developer website GitHub, have been gratefully scooped up by malware writers of varying levels of competency and pimped around in phishing emails across the internet.

And researchers at Swiss security company Binary Edge claim to have found 183,107 compromised PCs connected to the internet after conducting a scan for the DoublePulsar malware. With scans conducted every day over the past four days, the number of infected PCs has increased dramatically with every scan, according to Binary Edge.

The company’s scans indicate that the US, in particular, has been targeted, with roughly 70,000 infections, followed by China and Hong Kong, Taiwan, Russia and the UK, where it found around 2,500 infected PCs.

Scans by other security research groups have also suggested widespread infections of PCs worldwide with the DoublePulsar malware, believed to have been coded by the NSA and released by Shadow Brokers.

Binary Edge described the malware as “beautifully designed” and suggested that it could have been used by a range of actors, and not only the NSA.

The malware has also been analysed in detail by another group of security researchers, called Countercept.

“While there is a lot of interesting content [in the Shadow Brokers tool dump], one particular component that attracted our attention initially was the DoublePulsar payload,” wrote Countercept in a research posting.

It continued: “This is because it seems to be a very stealthy kernel-mode payload that is the default payload for many exploits.

“Additionally, it can then be used to inject arbitrary DLLs into user land processes. We have also identified a potentially useful memory signature to detect whether this technique has been used on hosts that have not been rebooted since.”
