Backdoor implant tool
DoublePulsar |
---|
Technical name |
- Double Variant
- Dark Variant
|
---|
Family | Pulsar (backdoor family) |
---|
Authors | Equation Group |
---|
DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017.[3][citation needed] The tool infected more than 200,000 Microsoft Windows computers in only a few weeks,[4][5][3][6][7] and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack.[8][9][10] A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec.[11]
Sean Dillon, senior analyst of security company RiskSense Inc., first dissected and inspected DoublePulsar.[12][13] He said that the NSA exploits are "10 times worse" than the Heartbleed security bug, and use DoublePulsar as the primary payload. DoublePulsar runs in kernel mode, which grants cybercriminals a high level of control over the computer system.[5] Once installed, it uses three commands: ping, kill, and exec, the latter of which can be used to load malware onto the system.[12]
References