SMB Worm “Indexsinas” Uses Lateral Movement to Infect Whole Networks

submitted by
Style Pass
2021-07-01 08:00:08

Guardicore Labs exposes new details of a massive attack campaign dubbed Indexsinas (also known as “NSABuffMiner”) which breaches networks through SMB servers and makes aggressive use of lateral movement to propagate. The attack campaign targets Windows servers vulnerable to EternalBlue (MS17-010) and still infects machines worldwide.

Propagation combines an open source port scanner with three leaked Equation Group tools: the EternalBlue and EternalRomance SMB exploits and the DoublePulsar kernel backdoor. The exploits are used to breach new victim machines and obtain privileged access; DoublePulsar is then installed as the backdoor through which the payload is delivered. These tools still succeed at scale even though the Shadow Brokers published them in April 2017, four years before this report, and they were used within weeks in the WannaCry and NotPetya outbreaks. The entry point closes once the MS17-010 update is installed or SMBv1 is disabled on the server, so the continued success of the campaign is a measure of how much unpatched, SMBv1-enabled Windows is still exposed. Indexsinas shows that networks today fall to even non-targeted, opportunistic attack campaigns.
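The reconnaissance step described above, a port scan for SMB listeners ahead of the exploit, leaves a simple network signature: one source touching many distinct hosts on TCP 445 in a short time. The following detector, an added example written for this page and not Guardicore's or the campaign's tooling, runs a sliding-window distinct-target count over connection records. The log format (`<ISO timestamp> <src_ip> <dst_ip> <dst_port>`), the sample records and the thresholds are all constructed assumptions, and the rule is a generic sweep heuristic rather than an Indexsinas-specific indicator.

```python
"""Flag sources that sweep a subnet on TCP 445 (SMB worm reconnaissance).
Example code added for this page; not Guardicore's or the campaign's code.
Log format, sample data and thresholds are assumptions."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <src_ip> <dst_ip> <dst_port>".
SAMPLE_LOG = "\n".join(
    # One host sweeping 10.0.1.0/24 on 445 within twelve seconds (suspicious).
    [f"2021-07-01T08:00:{i:02d} 10.0.0.5 10.0.1.{i + 1} 445" for i in range(12)]
    # A backup server touching three file servers on 445 (normal volume).
    + ["2021-07-01T08:00:05 10.0.0.7 10.0.1.50 445",
       "2021-07-01T08:00:20 10.0.0.7 10.0.1.51 445",
       "2021-07-01T08:00:40 10.0.0.7 10.0.1.52 445"]
    # A web scanner on port 80: outside the scope of this SMB rule.
    + [f"2021-07-01T08:01:{i:02d} 10.0.0.9 10.0.2.{i + 1} 80" for i in range(15)]
)


def parse_flows(text):
    """Parse the assumed log format into (timestamp, src, dst, dst_port)."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return flows


def find_smb_sweeps(flows, min_targets=10, window=timedelta(seconds=60), port=445):
    """Return {src: (window_start, distinct_targets)} for every source that
    contacted at least `min_targets` distinct hosts on `port` inside any
    `window`-long interval. The largest distinct count seen is reported."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport == port:
            per_src[src].append((ts, dst))

    hits = {}
    for src, events in per_src.items():
        events.sort()
        recent = deque()          # (ts, dst) pairs inside the current window
        seen = defaultdict(int)   # dst -> number of hits inside the window
        for ts, dst in events:
            recent.append((ts, dst))
            seen[dst] += 1
            # Expire events that fell out of the window.
            while recent and ts - recent[0][0] > window:
                old_ts, old_dst = recent.popleft()
                seen[old_dst] -= 1
                if seen[old_dst] == 0:
                    del seen[old_dst]
            if len(seen) >= min_targets:
                prev = hits.get(src)
                if prev is None or len(seen) > prev[1]:
                    hits[src] = (recent[0][0], len(seen))
    return hits


if __name__ == "__main__":
    for src, (start, n) in find_smb_sweeps(parse_flows(SAMPLE_LOG)).items():
        print(f"{src}: {n} distinct hosts on 445 starting {start.isoformat()}")
```

The window and target threshold are the tuning knobs: backup, patch-management and vulnerability-scanning hosts legitimately fan out on 445 and need an allowlist, while a worm tends to exhaust a /24 in seconds. Feeding the same function with flows from a firewall or NetFlow export is a cheap way to spot the scanner before the exploit lands.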

The Indexsinas campaign began hitting Guardicore's Global Sensors Network (GGSN) at the beginning of 2019 and is still active today. Guardicore's sensors have recorded over 2,000 attacks since we began tracking the campaign.