NSA-Linked Implant Patched to Work on Windows Embedded

Discussion in '0-day Release' started by silversurfer, Jun 28, 2018.

  1. silversurfer

    silversurfer Malware Tester Silver Member

    DoublePulsar, one of the hacking tools the Shadow Brokers supposedly stole from the National Security Agency (NSA)-linked Equation Group, can now run on Windows Embedded devices.

    The backdoor was released publicly in April last year along with a variety of Windows exploits that Microsoft had patched the month before. It is a sophisticated, multi-architecture SMB (Server Message Block) backdoor that can stay well hidden on infected machines.

    In addition to SMB, it is also used as the primary payload in RDP (Remote Desktop Protocol) exploits in the NSA’s FuzzBunch software (an exploitation framework that resembles Rapid7’s Metasploit).

    As it turns out, although it would work on a wide range of Windows releases, DoublePulsar wouldn’t work on devices running a Windows Embedded operating system, even if the platform itself is vulnerable to the NSA-linked exploits, a security researcher who uses the online handler of Capt. Meelo says.

    Full Article:
    https://www.securityweek.com/nsa-linked-implant-patched-work-windows-embedded
     
    revC0de, Trim and RGiskardR like this.
  2. Google Adsense

Share This Page