NSA-Linked 'DarkPulsar' Exploit Tool Detailed

[silversurfer]

Kaspersky Lab security researchers have analyzed another exploit tool that was supposedly stolen from the National Security Agency-linked Equation Group.

Kaspersky Lab has determined that the DarkPulsar backdoor, which targets both 32-bit and 64-bit systems, was used on 50 victims located in Russia, Iran and Egypt, and that it typically infected machines running Windows Server 2003/2008. The victims are in the nuclear energy, telecommunications, IT, aerospace and R&D sectors.

The security researchers believe that the victims were the targets of a long-term espionage campaign. The backdoor not only includes an advanced mechanism of persistence, but also functionality to bypass the need to enter a valid username and password during authentication. It also encapsulates its traffic into legitimate protocols.

Source: https://www.securityweek.com/nsa-linked-...l-detailed