DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected more than 200,000 Microsoft Windows computers in only a few weeks, and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack. A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec.

Sean Dillon, senior analyst of security company RiskSense Inc., first dissected and inspected DoublePulsar. He said that the NSA exploits are "10 times worse" than the Heartbleed security bug, and use DoublePulsar as the primary payload. DoublePulsar runs in kernel mode, which grants cybercriminals a high level of control over the computer system. Once installed, it uses three commands: ping, kill, and exec, the latter of which can be used to load malware onto the system.
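The ping command is what network-side detection keys on: public DoublePulsar scanners send a benign SMBv1 Trans2 SESSION_SETUP request to port 445 and check whether the Multiplex ID in the reply comes back as 0x51 (the implant answering) instead of the normal 0x41. The classifier below is an added defensive example, not code from the article or from the implant itself; the header layout is standard SMBv1, the 0x41/0x51 values are the heuristic those public detection tools use, and the sample reply is constructed test data rather than a real capture.

```python
import struct

# Layout: 4-byte NetBIOS session header, then the 32-byte SMBv1 header.
SMB_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32   # command byte of a Trans2 request/response
MID_OFFSET = 30               # Multiplex ID, little-endian uint16, inside the SMB header
MID_CLEAN = 0x41              # reply MID from an uninfected host (public-scanner heuristic)
MID_IMPLANT = 0x51            # reply MID when the DoublePulsar implant answers the ping


def parse_smb_header(pkt: bytes) -> dict:
    """Parse NetBIOS + SMBv1 header fields; raise ValueError on malformed input."""
    if len(pkt) < 36:
        raise ValueError("packet too short for NetBIOS + SMB header")
    nb_len = int.from_bytes(pkt[1:4], "big")
    if pkt[0] != 0x00 or nb_len != len(pkt) - 4:
        raise ValueError("bad NetBIOS session header")
    hdr = pkt[4:36]
    if hdr[:4] != SMB_MAGIC:
        raise ValueError("not an SMBv1 header")
    command, status, flags, flags2 = struct.unpack_from("<BIBH", hdr, 4)
    mid = struct.unpack_from("<H", hdr, MID_OFFSET)[0]
    return {"command": command, "status": status, "flags": flags,
            "flags2": flags2, "mid": mid, "signature": hdr[12:20]}


def classify_ping_response(pkt: bytes) -> str:
    """Classify the reply to a Trans2 SESSION_SETUP probe by its Multiplex ID."""
    h = parse_smb_header(pkt)
    if h["command"] != SMB_COM_TRANSACTION2:
        return "not-trans2"
    if h["mid"] == MID_IMPLANT:
        return "doublepulsar-present"
    if h["mid"] == MID_CLEAN:
        return "clean"
    return "unknown"


def build_sample_response(mid: int) -> bytes:
    """Construct a minimal Trans2 response carrying the given MID (test data only)."""
    hdr = SMB_MAGIC + struct.pack("<BIBH", SMB_COM_TRANSACTION2, 0, 0x98, 0xC807)
    hdr += struct.pack("<H", 0) + b"\x00" * 8 + b"\x00\x00"   # PIDHigh, signature, reserved
    hdr += struct.pack("<HHHH", 0x0800, 0xFEFF, 0x0008, mid)  # TID, PID, UID, MID
    body = b"\x00" * 20                                       # empty parameter block
    return b"\x00" + (len(hdr) + len(body)).to_bytes(3, "big") + hdr + body


if __name__ == "__main__":
    for mid in (MID_CLEAN, MID_IMPLANT):
        print(hex(mid), classify_ping_response(build_sample_response(mid)))
```

A hit on a live host should be confirmed by other means (patch level, kernel memory inspection); the MID heuristic is a screening check, not a forensic verdict.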