EternalBlue is a cyber attack software developed by the U.S. National Security Agency (NSA). It was used as part of the WannaCry ransomware attack in 2017, and is one of the tools leaked by the Shadow Brokers in early 2017.
The attack works by exploiting then-unpatched Windows systems and allowing attackers to remotely execute code on the compromised system. This is accomplished by sending a specially crafted packet to a targeted SMBv1 server which is then used to gain access to the system.
EternalBlue has been used in various cyber attacks, including WannaCry, NotPetya, Bad Rabbit, and the ransomware attack on the city of Atlanta. It has also been used as part of the destructive botnet known as Mirai, as well as various other attacks.
The most concerning aspect of this attack is that the software was developed by a government agency; this means that the capability to exploit vulnerabilities still exists. As such, attention must be paid to continuously patch systems to avoid successful EternalBlue attacks.
