• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • March 9th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Surveillance
NSA

New Cryptocurrency Mining Scheme Uses NSA Exploits EternalBlue & EternalSynergy

December 20th, 2017 Waqas Malware, NSA, Security 0 comments
New Cryptocurrency Mining Scheme Uses NSA Exploits EternalBlue & EternalSynergy
Share on FacebookShare on Twitter

Due to the unprecedented and unexpected increase in the value of cryptocurrencies like Bitcoin, there has been a sudden rise in cyber-attacks on cryptocurrency marketplaces and exchanges. Hackers are unleashing all sorts of attacks from DDoS to spearphishing and frontal attacks to make use of the popularity of cryptocurrencies.

Monero mining with NSA exploits

Now, security firm F5 Networks’ researchers Maxim Zavodchik and Liron Segal have identified a new cryptocurrency mining operation that utilizes recently discovered NSA exploits EternalBlue and EternalSynergy for mining popular cryptocurrency Monero.

This campaign has been dubbed as “Zealot” and it is being termed as a sophisticated and complex multi-stage attack targeting internal systems that run on Linux and Windows OS. Since the attack involves the use of powerful exploits like EternalBlue and EternalSynergy, therefore, attackers are able to access internal networks laterally. Furthermore, through NSA exploits, attackers install cryptocurrency miners on the targeted systems and networks.

The primary purpose of hackers behind this campaign is to access Monero and in their quest, they have managed to affect various Linux and Windows-based servers but so far they haven’t been able to target Macs. The multi-stage attack has a complicated Python agent for Linux/OS X and PowerShell agent for Windows. It also is capable of exploiting servers that are vulnerable to Apache Struts Jakarta Multipart Parser attack (CVE-2017-5638) and DotNetNuke (DNN) content management system vulnerability (CVE-2017-9822).

New Cryptocurrency Mining Scheme Uses NSA Exploits EternalBlue & EternalSynergy

Content of the “zealot.zip” file (F5)

It is not the first time that hackers have used NSA exploits in malware campaigns since we have already witnessed malicious campaigns like NotPetya and WannaCry ransomware in which these exploits were leveraged. However, Zealot could be categorized as different from them because for the first time Struts campaign uses these NSA exploits to access internal networks of targeted systems/servers.

F5 Networks’ researchers noted in their official blog that this campaign appears to be opening brand new attack vector doors by using web applications flaws to automatically deliver malware on internal networks.

“The level of sophistication we are currently observing in the Zealot campaign is leading us to believe that the campaign was developed and is being run by threat actors several levels above common bot herders,” researchers wrote.

Target: Linux and Windows devices 

When a hacker is able to access Windows-based system, the PowerShell is used to download and install Monero mining program. On Linux based systems, Python scripts taken from EmpireProject, a post-exploitation agent for Powershell and Python, are used to install Monero miner.

It is suspected that hackers have collected around $8,500 in this campaign but the actual sum might be higher than this since hackers could be using cryptocurrency wallets that haven’t yet been identified by researchers. It has been observed that the hackers are inspired by StarCraft video game because the malware files bear names from the game such as Zealot, Observer, Overlord, Raven, etc.

Not for the first time

This is not the first time when hackers are using EternalBlue NSA exploit to mine cryptocurrency. In August this year, a fileless malware was found using EternalBlue to target Windows devices to mine cryptocurrency.

  • Tags
  • Bitcoin
  • Cryptocurrency
  • Cyber Crime
  • EternalBlue
  • EternalSynergy
  • hacking
  • internet
  • Malware
  • Monero
  • NSA
  • security
Facebook Twitter LinkedIn Pinterest
Previous article AnubisSpy Malware: Stealing photos, videos & spying on Android users
Next article Sensitive Data of 123 Million American Households Exposed​
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
European Banking Authority victim in Microsoft Exchange Server hack

European Banking Authority victim in Microsoft Exchange Server hack

FluBot Android malware mimics FedEx, Chrome apps to steal user data

FluBot Android malware mimics FedEx, Chrome apps to steal user data

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers

Microsoft, FireEye report 3 new malware linked to SolarWinds hackers

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
European Banking Authority victim in Microsoft Exchange Server hack
Hacking News

European Banking Authority victim in Microsoft Exchange Server hack

FluBot Android malware mimics FedEx, Chrome apps to steal user data
Android

FluBot Android malware mimics FedEx, Chrome apps to steal user data

John McAfee Charged with Fraud in Cryptocurrency Scam
Cyber Crime

John McAfee Charged with Fraud in Cryptocurrency Scam

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us