DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected more than 200,000 Microsoft Windows computers in only a few weeks, and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack. A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec.

Sean Dillon, senior analyst of security company RiskSense Inc., first dissected and inspected DoublePulsar. He said that the NSA exploits are "10 times worse" than the Heartbleed security bug, and use DoublePulsar as the primary payload. DoublePulsar runs in kernel mode, which grants cybercriminals a high level of control over the computer system. Once installed, it uses three commands: ping, kill, and exec, the last of which can be used to load malware onto the system.