{"id":13039,"date":"2018-09-17T15:09:57","date_gmt":"2018-09-17T15:09:57","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/29321\/Why-The-EternalBlue-Exploit-Refuses-To-Die.html"},"modified":"2018-09-17T15:09:57","modified_gmt":"2018-09-17T15:09:57","slug":"why-the-eternalblue-exploit-refuses-to-die","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/","title":{"rendered":"Why The EternalBlue Exploit Refuses To Die"},"content":{"rendered":"<p>EternalBlue simply refuses to go away and unpatched, unlicensed operating systems are part of the problem.<\/p>\n<div class=\"relatedContent alignRight\">\n<h3 class=\"heading\"><span class=\"int\">More security news<\/span><\/h3>\n<\/div>\n<p>The Microsoft Windows EternalBlue exploit was released to the <a href=\"https:\/\/www.zdnet.com\/article\/shadow-brokers-latest-file-drop-shows-nsa-targeted-windows-pcs-banks\/\">public in 2017<\/a> as part of a leaked cache of surveillance tools owned by the US National Security Agency (NSA)&#8217;s <a href=\"https:\/\/www.zdnet.com\/article\/beyond-stuxnet-and-flame-equation-group-most-advanced-cybercriminal-gang-recorded\/\" target=\"_blank\">Equation Group<\/a> hacking team.<\/p>\n<p>Following whistleblower and former NSA contractor <a href=\"https:\/\/www.zdnet.com\/article\/edward-snowden-five-years-on-tech-giants-change\/\" target=\"_blank\">Edward Snowden<\/a>&#8216;s disclosure of the agency&#8217;s mass surveillance activities, hackers calling themselves the <a href=\"https:\/\/www.zdnet.com\/article\/shadowbrokers-return-with-the-release-of-unitedrake-exploit\/\" target=\"_blank\">Shadow Brokers<\/a> compromised NSA systems and leaked the toolset.<\/p>\n<p>Among the exploit cache were exploits and zero-day vulnerabilities which allowed the NSA to compromise Windows and Linux systems, network equipment, firewalls, and more.<\/p>\n<p>Security researchers and affected vendors immediately set to work patching the leaked vulnerabilities, and whilst EternalBlue is a security flaw which was resolved, outdated and unpatched systems still permit the exploit to flourish in the hands of threat actors.<\/p>\n<p>The EternalBlue vulnerability, <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=cve-2017-0144\" target=\"_blank\" rel=\"noopener noreferrer\">CVE-2017-0144<\/a>, targets the Microsoft Windows Server Message Block (SMB) protocol and allows attackers to execute arbitrary code. A fix was issued in March 2017 by Microsoft.<\/p>\n<p>The bug has caused misery worldwide since its release and was used to infect systems with ransomware during the <a href=\"https:\/\/www.zdnet.com\/article\/wannacry-ransomware-crisis-one-year-on-are-we-ready-for-the-next-global-cyber-attack\/\">infamous WannaCry global outbreak<\/a> last year. The UK&#8217;s National Health Service (NHS), FedEx, Deutsche Bahn, Renault, and banks were <a href=\"https:\/\/www.techrepublic.com\/pictures\/gallery-10-major-organizations-affected-by-the-wannacry-ransomware-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">among the targets<\/a> of the campaign which compromised an estimated 230,000 PCs.<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_ZD_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p><strong>See also: <a href=\"https:\/\/www.zdnet.com\/article\/tech-support-scam-harnesses-google-chrome-browser-locker-exploit\/\">Windows support scam uses evil cursor attack to hijack Google Chrome sessions<\/a><\/strong><\/p>\n<p><span class=\"img aspect-set\"><img decoding=\"async\" src=\"https:\/\/zdnet3.cbsistatic.com\/hub\/i\/r\/2018\/09\/17\/9ca0b886-99ef-4e3b-a2e9-e3fb6a704070\/resize\/770xauto\/45fe873ef1e65fb2e73cf017ba8126a9\/screen-shot-2018-09-17-at-11-00-49.png\" class=\"\" alt=\"screen-shot-2018-09-17-at-11-00-49.png\" height=\"auto\" width=\"770\"\/><\/span><\/p>\n<p>EternalBlue was also used in a ransomware campaign that followed soon after. The cyberattack spread <a href=\"https:\/\/www.zdnet.com\/article\/petya-ransomware-cyber-attack-costs-could-hit-300m-for-shipping-giant-maersk\/\" target=\"_blank\">the Petya ransomware<\/a> from Ukraine to countries worldwide.<\/p>\n<p>The critical flaw has been patched but its legacy lives on.<\/p>\n<p>In June last year, for example, the exploit was <a href=\"https:\/\/www.zdnet.com\/article\/leaked-nsa-hacking-exploit-used-in-wannacry-ransomware-is-now-powering-trojan-malware\/\">integrated into exploit kits<\/a> to make Trojans such as Nitol and Gh0st RAT more effective.<\/p>\n<p>Security researchers from Avira have been tracking the vulnerability and reinfection rates across the world. In a <a href=\"https:\/\/blog.avira.com\/nsa-eternalblue-exploits-live-on-with-an-endless-infection-loop\/\" target=\"_blank\" rel=\"noopener noreferrer\">blog post last week<\/a>, the team said that unpatched PCs are a key reason EternalBlue won&#8217;t die, with impacted devices &#8220;getting stuck in an endless infection cycle with new infections occurring at the kernel level as the previous ones are removed.&#8221;<\/p>\n<p>Avira says that the exploit is finding its way to cracked and pirate versions of Microsoft Windows which are operating on the old SMB1 protocol, which is vulnerable to EternalBlue.<\/p>\n<p><strong>CNET: <a href=\"https:\/\/www.cnet.com\/news\/at-t-lets-nsa-hide-and-surveil-in-plain-sight-the-intercept-reports\/\" target=\"_blank\" rel=\"noopener noreferrer\">AT&amp;T lets NSA hide and surveil in plain sight, The Intercept reports<\/a><\/strong><\/p>\n<p>&#8220;We were researching the reasons behind a number of machines having repeated infections,&#8221; said Mikel Echevarria-Lizarraga, senior virus analyst in the Avira Protection Lab. &#8220;We&#8217;ve found that many of these serially infected machines were running activation cracks which means that they cannot or do not want to update Windows and install updates. It also means that they did not receive the emergency patch from Microsoft for this vulnerability.&#8221;<\/p>\n<p>Avira has uncovered roughly 300,000 systems which are impacted by EternalBlue. Indonesia is the hardest hit, followed by Taiwan, Vietnam, Thailand, and Egypt, among others.<\/p>\n<p>It is not just Windows machines which are running unlicensed software, however, that is a problem &#8212; threat actors worldwide are also utilizing EternalBlue for covert cryptojacking operations.<\/p>\n<p><strong>TechRepublic: <a href=\"https:\/\/www.techrepublic.com\/article\/heres-why-the-nsa-just-deleted-all-of-the-calls-and-texts-it-collected-since-2015\/\" target=\"_blank\" rel=\"noopener noreferrer\">Here&#8217;s why the NSA just deleted all of the calls and texts it collected since 2015<\/a><\/strong><\/p>\n<p>Cryptojacking is the use of computational power without the consent of users for the purpose of mining cryptocurrencies including Ethereum (ETH) and Monero (XMR).<\/p>\n<p>A common way to conduct cryptojacking is through the use of covert mining scripts, such as Coinhive, through browsers and web page visits. However, malware able to compromise PCs is also utilized &#8212; and the EternalBlue exploit has become a weapon of choice.<\/p>\n<p>In February, researchers discovered the Smominru miner botnet was using the exploit to <a href=\"https:\/\/www.zdnet.com\/article\/a-giant-botnet-is-forcing-windows-servers-to-mine-cryptocurrency\/\">mine for Monero<\/a>, bending 526,000 nodes &#8212; otherwise known as infected systems &#8212; to its will at its peak, netting its operators an estimated $3.6m from fraudulent mining.<\/p>\n<p>It was only a month later that <a href=\"https:\/\/www.zdnet.com\/article\/cryptojacking-attack-uses-leaked-nsa-exploit\/\">another cryptojacking scheme<\/a>, RedisWannaMine, was found to have harnessed EternalBlue to compromise Windows Servers for the same purpose.<\/p>\n<p>Unfortunately, EternalBlue is still very active in the cryptojacking space. According to recent <a href=\"https:\/\/www.cybereason.com\/blog\/wannamine-cryptominer-eternalblue-wannacry\" target=\"_blank\" rel=\"noopener noreferrer\">research from Cybereason<\/a>, a new outbreak of Wannamine, based on EternalBlue, has shown that the attack is still highly active a year after disclosure.<\/p>\n<p>&#8220;Wannamine isn&#8217;t a new attack,&#8221; the researchers say. &#8220;It leverages the EternalBlue vulnerabilities that were used to wreak havoc around the world almost a year and a half ago. But more than a year later, we&#8217;re still seeing organizations severely impacted by attacks based on these exploits.&#8221;<\/p>\n<p>Wannamine is not sophisticated and its components are made up of copy-and-paste code gained from repositories such as GitHub. A number of IPs associated with Wannamine servers are still active a year after being reported to associate hosting providers.<\/p>\n<p>Although the coding is crude, failure to patch has caused yet another outbreak &#8212; and unless individuals and companies take responsibility for protecting themselves, EternalBlue will continue to remain an effective tool harnessed by threat actors.<\/p>\n<p>&#8220;Until organizations patch and update their computers, they&#8217;ll continue to see attackers use these exploits for a simple reason: they lead to successful campaigns,&#8221; Cybereason added. &#8220;There&#8217;s no reason for security analysts to still be handling incidents that involve attackers leveraging EternalBlue. And there&#8217;s no reason why these exploits should remain unpatched.&#8221;<\/p>\n<h3>Previous and related coverage<\/h3>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/29321\/Why-The-EternalBlue-Exploit-Refuses-To-Die.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":13040,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[3506],"class_list":["post-13039","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackergovernmentmicrosoftflawcyberwarspywarensa"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Why The EternalBlue Exploit Refuses To Die 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why The EternalBlue Exploit Refuses To Die 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-09-17T15:09:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/why-the-eternalblue-exploit-refuses-to-die.png\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"576\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/why-the-eternalblue-exploit-refuses-to-die\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/why-the-eternalblue-exploit-refuses-to-die\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Why The EternalBlue Exploit Refuses To Die\",\"datePublished\":\"2018-09-17T15:09:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/why-the-eternalblue-exploit-refuses-to-die\\\/\"},\"wordCount\":901,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/why-the-eternalblue-exploit-refuses-to-die\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/why-the-eternalblue-exploit-refuses-to-die.png\",\"keywords\":[\"headline,hacker,government,microsoft,flaw,cyberwar,spyware,nsa\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/why-the-eternalblue-exploit-refuses-to-die\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/why-the-eternalblue-exploit-refuses-to-die\\\/\",\"name\":\"Why The EternalBlue Exploit Refuses To Die 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/why-the-eternalblue-exploit-refuses-to-die\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/why-the-eternalblue-exploit-refuses-to-die\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/why-the-eternalblue-exploit-refuses-to-die.png\",\"datePublished\":\"2018-09-17T15:09:57+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/why-the-eternalblue-exploit-refuses-to-die\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/why-the-eternalblue-exploit-refuses-to-die\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/why-the-eternalblue-exploit-refuses-to-die\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/why-the-eternalblue-exploit-refuses-to-die.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/09\\\/why-the-eternalblue-exploit-refuses-to-die.png\",\"width\":770,\"height\":576},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/why-the-eternalblue-exploit-refuses-to-die\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,government,microsoft,flaw,cyberwar,spyware,nsa\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackergovernmentmicrosoftflawcyberwarspywarensa\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Why The EternalBlue Exploit Refuses To Die\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why The EternalBlue Exploit Refuses To Die 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/","og_locale":"en_US","og_type":"article","og_title":"Why The EternalBlue Exploit Refuses To Die 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-09-17T15:09:57+00:00","og_image":[{"width":770,"height":576,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/why-the-eternalblue-exploit-refuses-to-die.png","type":"image\/png"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Why The EternalBlue Exploit Refuses To Die","datePublished":"2018-09-17T15:09:57+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/"},"wordCount":901,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/why-the-eternalblue-exploit-refuses-to-die.png","keywords":["headline,hacker,government,microsoft,flaw,cyberwar,spyware,nsa"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/","url":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/","name":"Why The EternalBlue Exploit Refuses To Die 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/why-the-eternalblue-exploit-refuses-to-die.png","datePublished":"2018-09-17T15:09:57+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/why-the-eternalblue-exploit-refuses-to-die.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/09\/why-the-eternalblue-exploit-refuses-to-die.png","width":770,"height":576},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/why-the-eternalblue-exploit-refuses-to-die\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,government,microsoft,flaw,cyberwar,spyware,nsa","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackergovernmentmicrosoftflawcyberwarspywarensa\/"},{"@type":"ListItem","position":3,"name":"Why The EternalBlue Exploit Refuses To Die"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/13039","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=13039"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/13039\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/13040"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=13039"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=13039"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=13039"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}