What is Eternal Blue Exploit ? Definition, Working, Tools

Table of Contents

EternalBlue is a exploit, that allows cyber threat actors to remotely execute arbitrary code and gain access to a network by sending specially drafted packets. it exploits a software vulnerability in Microsoft’s windows operating system (os) by Server Message Block (SMB).

EternalBlue is a Window exploit, created by the US National Security Agency (NSA) and used in the 2017, Wanna-Cry ransomware attack (“Wanna-Cry is a crypto-ransomware type, a malicious type of software used by attackers in the attempt to extort money from their victims just like any type of Crypto-ransomware”)

Eternal-Blue spoofs a Windows machine that hasn't been patched against a vulnerability in allowing illegal data packets into legitimate networks, these packets may contain malware such as Trojan ransomware or similar dangerous programs.

.

EternalBlue is a cyberattack exploit
EternalBlue is a cyberattack exploit

How Does Eternal-Blue work

The Server Massage Block First version (SMBv1) was first developed in early 1983 , as a network communication protocol , to enable shared access to files , printers and ports . The Eternal-Blue exploit works by taking advantage of SMBv1 (“Server Massage Block First Version”).

The exploits makes use of the way Microsoft window handles , or rathe mishandles , specially crafted packets from malicious attackers . All the attacker need to do is send a maliciously-crafted packet, to the target server and ,BOOM, the malware propagates and a cyber-attack ensues.

ethical hacking

Who Leaked NSA Tools

The hackers used the agency’s EpMe exploits, (“EpMe,” one of four different privilege escalation exploits included in the Dander–Spritz attack framework , a post-exploitation used by the Equation Group. framework containing a range of tools for persistence, reconnaissance, lateral movement, and bypassing security devices”) years ago to attack windows devices. Shadow brokers leaked the agency’s zero-day arsenal online.

EternalBlue is a cyberattack exploit

How was Eternal Blue stolen

The Eternal-Blue exploit was allegedly stolen, from the National Security Agency (NSA) in 2016, and leaked online on April 14, 2017, by a group known as Shadow Brokers . The exploit targets a vulnerability in Microsoft’s implementation of the Server Massage Block (SMB) protocol via port 445.

EternalBlue is a cyberattack exploit
EternalBlue is a cyberattack exploit
    Share This Post
    Share on facebook
    Share on twitter
    Share on email
    Share on whatsapp

    Leave a Reply

    Subscribe To Our Newsletter

    Get updates and learn from the best

    Latest Guides & Articles