Hackers used NSA-developed EternalBlue tool to attack Baltimore's computer systems: Report

Singapore universities cyber attack
Singapore universities cyber attack (Representational picture) Pixabay

After the cyber attackers targeted Baltimore's internet servers on Tuesday, May 7 and forced the government to shut down most of their computer servers, new reports claimed that the tool, used for the ransomware attack on the city is a National Security Agency (NSA) creation called EternalBlue.

As per previous reports, since 2017, NSA lost control over EternalBlue, which was picked by the hackers from North Korea, Russia as well as China and was used in other high-profile cyber attacks.

Security experts claimed that this tool exploits a vulnerability in certain versions of Microsoft's Windows XP and Vista systems by allowing a third party to execute commands on the target.

EternalBlue was leaked by cyber-criminal group ShadowBrokers in April 2017 and soon American multinational technology company Microsoft released a patch to fix the damage.

By using this particular tool the hackers also carried out several cyber attacks, such as Wannacry in May 2017 and NotPetya attacks on Ukraine based banks in June 2017.

But as per the reports, this Baltimore's data breach incident was the latest attack which was successfully conducted by the hacking group using this malware.

In May, a WeLiveSecurity reported that the use of EternalBlue has increased, especially against US targets.

A computer search engine Shodan's data showed that there are currently one million machines in the world using the obsolete Server Message Block (SMB) v1 protocol, exposing the port to the public internet. Most of these devices are in the US, followed by Japan and Russia. As per the experts, this is the reason behind poor security practices and lack of patching are the reasons why the use of EternalBlue has been growing continuously.

On May 8 Bernard C. "Jack" Young, the Mayor of Baltimore talked to the media and confirmed that it was a ransomware attack. Later the government mentioned that they won't pay the $76,000 ransom demand to the cybercriminals and the IT department started to work on restoring access to the city's systems while improving their security measures.

Related topics : Ransomware