Leaked code targeting Microsoft systems, which hackers allegedly stole from the U.S. National Security Agency (NSA), sparked a fivefold increase in cryptocurrency mining malware infections, Bloomberg reports Wednesday, September 19, citing a new cryptojacking report.
Eternal Blue, the tool that can exploit vulnerabilities in Microsoft software, is behind the now-infamous global cyberattacks WannaCry and NotPetya, which have continued to cause disruption since they first surfaced in 2017. Bloomberg notes that Eternal Blue was allegedly stolen from the NSA in 2017 by a hacking group called the Shadow Brokers.
Hackers have since been using the tool to gain access to computers and covertly mine cryptocurrency, with detections up 459 percent this year, according to the report from the Cyber Threat Alliance (CTA).
“Combined threat intelligence from CTA members show that this rapid growth shows no signs of slowing down, even with recent decreases in cryptocurrency value,” the company writes in a preface to its most recent report, stating:
“Because this threat is relatively new, many people do not understand it, its potential significance, or what to do about it.”
Rather than Bitcoin (BTC) or Ethereum (ETH), it is privacy-focused altcoins such as Monero which are hackers’ preferred target, the report notes.
The uptick, CTA says, comes as such operations are becoming more “sophisticated.”
“Analysts have observed successful and widespread attackers ‘living off the land,’ or employing legitimate functionality to download and execute miners that would be more difficult for an observer or antivirus to detect,” the preface continues, highlighting the Monero mining campaign Smominru as an example.
The NSA did not respond to Bloomberg’s request for comment on the findings upon publication.