Super-Stealthy Attackers Used NSA Exploits Before WannaCry


May 22, 2017

Weeks before the WannaCry ransomware spread like wildfire through unpatched Windows systems, a more sophisticated, stealthier attacker used the same NSA-engineered cyberweapon to infiltrate the IT networks of companies across the world, including at least one publicly traded in the U.S., according to new research.

So stealthy was the fileless, in-memory attack, which hides itself inside the activity of a legitimate application, that it evaded five different security products running on the infected system, Gil Barak, CTO of Israeli cybersecurity firm Secdo, told CyberScoop. Those products included so-called “next generation” filters that don’t rely on known signatures, he said.

“Not only did they not stop the attack, they couldn’t even see it,” he said. Attackers using the technique “can pretty much do what they want, unnoticed — and then vanish.”