Have you ever wondered what happens when
hackers gain access to state-developed malware tools? Well, now you don’t have
to; a type of malware called Double Pulsar, that has been utilized in the past
by the NSA, was bundled with a Chinese hacking tool and used to carry out
attacks on Hong Kong and Belgium in 2016. Needless to say, this threat is
Double Pulsar could be used to install
additional malware on a target PC. At the time the threat could only be
leveraged against 32-bit operating systems, but the Chinese-hacked tool struck
later in the year versus 64-bit machines and newer operating systems. Symantec
has found evidence that this threat was utilized, hypothesizing that the
Chinese hackers built the tool after analyzing network traffic during a
legitimate Double Pulsar attack.
The possibility that the hackers discovered
the threat through a different vector exists, such as stealing the threat from
an unsecured server, but the fact remains that this sets a dangerous precedent
for tools like these being taken and used against their intentions.
It’s noteworthy to mention that the hacking
group that utilized Double Pulsar is no longer active, but this shouldn’t
mitigate the risks associated with it--especially since the tool is still out
there for use by other threat actors. Thankfully, the Chinese tool also took
advantage of a Windows vulnerability that has since been patched… so there’s
This isn’t the first time that hacking tools
utilized by the NSA were stolen and utilized by hackers. In 2017, a group
called the Shadow Brokers stole and dumped several hacking tools online, which
is where the name Double Pulsar was originally discovered. If anything, the
revelation that this threat existed at some point in the past only further
exacerbates the need for proper network security--especially state actors that
take more liberties with the development of these types of tools.
What are your thoughts on these developments and the possibility that these threats could be used to attack organizations like yours in the future? Let us know in the comments and be sure to ask us how you can secure your network from these threats. We have all kinds of tools at our disposal that can keep your business safe from harm. Call us today at 859-746-1030 to learn more.