Hackers Unleash Second NSA-Developed Cyber-Weapon On Dark Web

Tyler Durden's picture

While a second variant of the WannaCry(pt) ransomware (based on NSA's EternalBlue exploit) was spreading across the globe yesterday, The FT reports criminal hacking groups have repurposed a second classified cyber weapon stolen from US spies and have made it available on the so-called dark web.

On Monday, the WannaCry attack, which hit 370,000 computers across 150 countries, appeared to slow. Europol, the European police agency, said the spread of the virus had stalled in Europe. But while infection rates have slowed, a Europol spokeswoman warned, "we do not think this is the end of the crisis. The hackers have already evolved the malware, and will probably continue to do so."

Notably as Europe woke up (and US opened), the infection rate started to rise once again...

But as The FT reports, intelligence and law-enforcement officials said they fear WannaCry may foreshadow a wave of similarly damaging attacks, as criminals and others race to make use of digital weapons that for years were only available to the most technologically sophisticated nation states.

At least a dozen other NSA tools are currently being discussed and worked on as the basis of potential new cyber weapons on hacking forums on the dark web, parts of the internet not accessible via normal search engines.

The hacking tool, developed by the US National Security Agency and called EsteemAudit, has been adapted and is now available for criminal use, according to security analysts.


As with the NSA’s EternalBlue, the tool on which WannaCry was based, EsteemAudit exploits a vulnerability in older versions of Microsoft’s Windows software in the way in which networked machines communicate with each other.

Ciaran Martin, director of the UK’s National Cyber Security Centre, said:

“There is a global ecosystem of cyber criminals and sophisticated hackers which are putting a lot of attack methodology into open-source.


“It gets modified and reused and upgraded. The volume of open-source exploits and that ecosystem are getting bigger.”

This is far from over.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
FrozenGoodz's picture

Send your ransom bills to wikileaks

Boris Alatovkrap's picture

Payment is accept in BitCoin or Paypal in Ruble.

AVmaster's picture

Windows firewall off

Defender off...

No antivirus...

No other so called "protection"...


Been like that for over a decade now... Still not hacked..


Stop looking at porn and opening email attachements you dumbasses...

Man Who Was Thursday's picture

Speaking of troubleing the NSA, when is ZH adress switching to HTTPS? As a  semi-libertarian non-conformist site/blog, wouldn't that be expected?


Thanks, Tylers.

omi's picture

Letsencrypt provides free SSL certs. The only downside is that you have to renew them frequently, but they have an app that makes it easy.

meta-trader's picture

she was a waitress in a cocktail bar now she owns a jet... http://bit.ly/2jdTzrM

zuuma's picture

So, it looks like the major affected areas are places which enjoy
pirate copies of Windows.

They try to patch & get locked out.
They don't patch - and get locked out.




FKostanza's picture

Not sure if anyone else noticed, but every single article on this touts the fact that Windows 10 (which stinks by the way) is immune to the exploit. It's almost as if they are trying to scare everyone into moving into a system where they have even more control. All this bullshit is staged between alphabet orgs working in conjunction with MS to move most of the worlds computers into the pit they call windows 10.

freedogger's picture

Windows 10 encrypts your soul and sells it to many third parties.

AGuy's picture

"Speaking of troubleing the NSA, when is ZH adress switching to HTTPS? As a semi-libertarian non-conformist site/blog, wouldn't that be expected?"

Absolutely pointless since the NSA and other gov't agencies have access to all of the SSL private keys. The only way to have a secure connection is via private key/cert server, and users would need to add the public key to their Browsers.

Personally I hate SSL for generic web browsing since really servers no purpose and just adds unnecessary overhead. SSL is OK for online financial transactions (ie online purchases).

SWRichmond's picture

Let's connect some dots, shall we?

Establishment catches wind that explosive information regarding their darling Hillary (and ultimately her involvement in the murder of Seth Rich), and completely destroying their narrative about Russian Hacking of DNC, is about to be released.

Establishment, as always, drives the news cycle with a distraction: in this case, a global hack story which they will trace back to Russia (even though SANS analysis of the malware leads elsewhere).  Interestingly, the hack uses a vulnerability first dev'd by NSA.

As the Seth Rich story begins to build, more and more malware is released, giving Wolf Blitzer and Gabby McCarpetMuncher something to talk about endlessly.

In the meantime, troops are moved about globally in preps for the real distraction.

The Gladiator's picture

"Stop looking at porn......"


. . . _ _ _ . . .'s picture

Agreed, no need for that stuff. Just turn off the ping. Now they can't find you.

Or just back up your files offline. Then, who cares?

Gilnut's picture

How do you know you're not hacked.  Your computer is likely a node on a bot-net, propagating the attacks.  Stupid people like you are a hackers dream come true.  

. . . _ _ _ . . .'s picture

You can scan for such things.

Security and maintenance are different things.

Besides, patches are released AFTER the problems occur. AV is ok for unsure sites, but no help in defending against unknown unknowns. MS firewalls are useless.

espirit's picture


It’s the Russians…


It’s the North Koreans…


It’s the Porn Surfers…


It’s ….????


Pop3y3too's picture

Monty Python's Flying Circus!!

Obadiah's picture

Well i did give up porn, but for crying out loud.  These NSA pukes know ALL the IP addresses and ALL the shit these FrEaKs do online  COME ON  we're not that stupid.


Make me sorta miss all those playboy hq scans from yesteryear on the BBS systems in 1990something???  








dark fiber's picture

Ok fine, but that stop looking at porn thing...  That defeats the whole point of the internet in the first place.

. . . _ _ _ . . .'s picture

"Last week, Google security researchers Natalie Silvanovich and Tavis Ormandy reported to Microsoft a flaw in its Malware Protection Engine, a technology that exists in most of Redmond’s malware protection offerings — including Microsoft Forefront, Microsoft Security Essentials and Windows Defender. Rather than worry about their malicious software making it past Microsoft’s anti-malware technology, attackers could simply exploit this flaw to run their malware automatically once their suspicious file is scanned.

In addition to the anti-malware product update, Microsoft today released fixes for dangerous security flaws in a range of products, from Internet Explorer and Edge to Windows, Microsoft Office, .NET, and of course Adobe Flash Player."

TheReplacement's picture

I have seen clients pickup viruses from .gov and state websites as well as commonly trusted corporates. You have only been lucky, not good.

Bubba Rum Das's picture

"Windows firewall off

Defender off...

No antivirus...

No other so called "protection"..."

Yes, because the Windows 'back door's' that the NSA used for their malware programs are installed by Microsoft via 'Microsoft Updates'...

For the NSA, under contract with microsoft.

Haus-Targaryen's picture

I wish these people would do something constructive and target:

1) PPT

2) HFT algos 

3) Fed

4) ECB

5) BoJ

6) BoE 

and the like. 


SubjectivObject's picture

There's probably an implication of culpability in there somewhere.

TheReplacement's picture

Kinda like why Daesh and AlCiada never attack Israel and the real power centers of the west - the banks and the bankers. But then again, I sorta repeated myself there didn't I?

espirit's picture


It is much more important to denote ‘who’ is not affected.


. . . _ _ _ . . .'s picture

'Terrorists' don't hit the right buildings, 'hackers' don't hit the right sites... it's all state-sponsored. There is no other explanation.

There is no terrorism. There is no hacking. There is only Apple and Facebook and Google and Berkshire Hathaway, Goldman Sachs the Federal Reserve, and Exxon. These are the terrorists of the world today, Mr. Beale. (paraphrased)

Bubba Rum Das's picture

"There is no terrorism. There is only Apple and Facebook and Google and Berkshire Hathaway, Goldman Sachs the Federal Reserve, and Exxon."

You forgot Microsoft & the NSA.

brain_glitch's picture

that is one epic scene :

Network - Money speech 


GUS100CORRINA's picture

With the most recent DEMONIC led cyber war, we are now seeing the DOCTRINE of HUMAN DEPRAVITY in FULL BLOOM.

Sadly, it is technology companies worldwide that have sold their SOULS to the IC. We have BACK DOORS into every piece of TECHNOLOGY on the market today. It doesn't matter if it is a cell phone, computer, TV or whatever. The BACK DOORS exist to be exploited. 



By the way, if you want to learn more about how bad it can get, read the Book of Judges or 2nd KINGS. Also, the information below is an interesting read as well.


The HEART (of HACKERS like everyone else) is deceitful above all else and desparately wicked. Who can know it? 

umdesch4's picture

This one time, I'm going to attribute it to stupidity. I work in DevOps, and part of what I do involves code review/audit, with security being part of what I analyze. I can tell you, these coders learned how to make whiz-bang things work, when they picked up 'Teach Yourself to Program in 21 Days', and then BSed their way into a job. They don't know squat about sanitizing inputs, memory management, buffer overflows, sql injection, privilege escalation. There's a ton of insecure crap that makes it into shipped code. Why would Microsoft's OS be any different?


I attribute it to ignorance and laziness, and cost-cutting greed. It doesn't need to be nefarious.


TheReplacement's picture

It is somewhat unfair to tar all tech companies with the same brush. It is not unknown that groups like the CIA and NSA infiltrate their own into standards bodies and corporate development teams to make all of this possible. Beyond that it is also known they use 'leverage' to force obedience. There are tech people in prison, and dead too, for not complying.

Obadiah's picture

Oh Frozen ur such a  douche



PS Wonder how many volts you can transmit over fiber.  Send back a shocking signal of 480 volts to the offending PCs?  


Billion Dollar Idea or Hogwash?

hxc's picture

It's called fiber OPTIC for a reason, dude. Light, not electricity

Insurrexion's picture

Frozengoods is fucking NSA plant.

Block his ass.

Buck Johnson's picture

I have access to the dark web, I'm going to check to see what they got.  Also he is right, this is very very far from over.  You see the hackers and the real intelligent kids and adults who are out there see this as a goldmine.  Because now they can reverse engineer and/or upgrade the malwares and techniques to make it even better or more dangerous.  Another thing to ask yourself, we know that hackers can get into companies or institutions.  What if someone puts one of these dangerous malwares or techniques to use inside JP morgan or some company and steal all their customer data and then wipe it clean to destroy the company.



Law666's picture

how does one get t o the dark bank   Oops mean dark web?

Insurrexion's picture
Download Tor ---

New Commission-based Ransomware As A Service Available Free On Dark Web


Obadiah's picture

Yesh fur realz.  Too bad it's Jamie with the code

EuroPox's picture

The original variant has been on HANSA market for the last few weeks - I haven't checked for the 'improved variety' but that is the first place to check.

Edit:  It is on AlphaBay too.... can't think why you would want it though.

b a n n e d's picture

Alphabay  in tor browser! :)

HenryKissingerChurchill's picture

just patch the planted gaping security holes?

HenryKissingerChurchill's picture

oh cannot do that, we could not spy on the sheeple dickpics anymore!

let`s BAN ransomware! THAT would teach them... let's BAN Silk Road too... and BAN that NEGROnet too!

HenryKissingerChurchill's picture

thank god the USA guantanamozed Ross Ulbricht and also destroyed that Silk Road crazy idea of a free marketplace in the internet... otherwise people would be able to freely have voluntary trade in a free market  "DARK/BLACK" WEB

Lumberjack's picture

Ask any IT person or project manager how much if a pain in the ass and how much time and money it takes to test and incorporate a single patch issued by ms into their system. Months and millions at times for a single patch. I am absolutely astounded that msm hasn't even touched on that. Maybe Tyler (s) can get in touch with a project manager and do a write up on it.

SubjectivObject's picture

What kind of criminal is it that through their knowing negligence commits the global population to waste quadrillions of life hours mitigating their negligence?

Here's looking at you, Bill.

And fuck the intent and actions of any non profit foundation you front.

Just give all the money back and then give direction that you are oh-so-slowly lowered into a ladle of molten metal.