EternalBlue and the vulnerabilities based on it have caused a lot of trouble around the world, and unfortunately, these National Security Agency tools now appear to be used by hackers to distribute cryptocurrency miners.
Trend Micro security researchers have recently observed anonymous hacking organizations using the EternalBlue vulnerabilities to attack businesses. The attackers still rely mainly on the EternalBlue flaw to infect computers around the world through the Windows SMB service.
Microsoft fixed the EternalBlue series of vulnerabilities long ago. The infected computers are those that still do not have the security updates installed. Systems with automatic updates turned on, such as Windows 10, will not be affected. The affected Windows versions are Windows XP and Windows 7. In addition, unpatched computers running Windows Vista, Windows Server 2003, and Windows Server 2008/R2 are also being infected.
Through monitoring, the researchers found that the infected companies span the education industry, the communications and multimedia industries, banking, traditional manufacturing, and technology. The attackers mainly install mining software for the virtual currency Monero on the infected computers, which consumes the computer's CPU resources and mines continuously.
“The campaign seems to be widespread, with targets located in all regions of the world. Countries with large populations such as China and India also had the most number of organizations being targeted. This seems to indicate that the threat actors weren’t selective with their victims, opting for a “shotgun” method of attack, rampaging through the internal networks of compromised organizations rather than seeking out individual targets.”