New Crypto-Mining Attacks Leverage NSA-Linked EternalBlue Exploit

A new version of the NRSMiner is actively spreading in the southern region of Asia. The majority of detections (54%) have been found in Vietnam, followed by Iran (16%) and Malaysia (12%). The new version either updates existing NRSMiner infections, or spreads to new systems using the EternalBlue exploit.

EternalBlue is one of the NSA exploits stolen by the Shadow Brokers and leaked to the public. It was patched by Microsoft in March 2017, leaked by Shadow Brokers in April 2017, and used by WannaCry in May 2017. That EternalBlue is still being used to spread malware nearly two years after it was patched by Microsoft points to a massive failure in patching.

Read more about the new NRSMiner attacks on SecurityWeek.