EternalBlue

Intro
EternalBlue is an exploit developed by the United States National Security Agency (NSA) and is believed to have been used together with the DoublePulsar backdoor (also attributed to the NSA). It targets a vulnerability in the Microsoft Windows SMBv1 server (CVE-2017-0144, fixed by Microsoft in security bulletin MS17-010) and became widely known after the WannaCry ransomware outbreak of May 2017 used it to spread.

Exploit
EternalBlue exploits a flaw in the SMBv1 server implementation, which runs in the Windows kernel (srv.sys). The server mishandles specially crafted packets sent by a remote, unauthenticated attacker over TCP port 445, and the resulting memory corruption lets the attacker execute arbitrary code in kernel context. Because the code runs in the kernel, a successful attacker can read and write files, install programs and use any service on the affected computer. The only precondition is that the SMBv1 service is reachable from the attacker, so hosts that expose port 445 to untrusted networks are the primary targets.

The vulnerability affects a wide range of Windows versions, from Windows XP and Windows Server 2003 to Windows 10 and Windows Server 2016. Microsoft fixed it in MS17-010 on 14 March 2017, about a month before the exploit was leaked, but versions that were already out of support, such as Windows XP and Windows Server 2003, only received an out-of-band patch after WannaCry struck in May 2017. It is believed that the NSA used EternalBlue to install additional tools on computers worldwide in order to carry out covert surveillance. After the leak, Microsoft publicly criticised governments for stockpiling undisclosed vulnerabilities, arguing that keeping such flaws secret prevents vendors from patching them before they are stolen or leaked and used against the public.
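The practical question for a defender is whether a host still speaks SMBv1 at all, since that is the service EternalBlue needs to reach. The following probe is an added example written for this page; it is not code from the original article and not part of any NSA or Shadow Brokers tooling. It sends one SMB1 SMB_COM_NEGOTIATE request offering only the "NT LM 0.12" dialect and classifies the reply; it does not attempt exploitation. It assumes TCP port 445 on the target is reachable and that you are authorised to scan it. The sample negotiate response used for offline testing is constructed here, not captured from a real host.

```python
"""Probe whether a host still negotiates SMBv1, the protocol EternalBlue targets.

Added example for this page (not the original article's code). Sends a single
SMB1 SMB_COM_NEGOTIATE offering only "NT LM 0.12" and classifies the reply.
Assumes TCP/445 is reachable and scanning is authorised.
"""
import socket
import struct
import sys

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB_COM_NEGOTIATE = 0x72
SMB_HEADER_FMT = "<4sBIBHH8sHHHHH"   # 32-byte SMB1 header, little-endian
DIALECT = b"\x02NT LM 0.12\x00"      # the only SMB1 dialect we offer


def _smb1_header(command: int, flags: int) -> bytes:
    return struct.pack(
        SMB_HEADER_FMT,
        SMB1_MAGIC, command,
        0,            # NT status
        flags,        # 0x18 for a request; 0x98 has the response bit set
        0xC853,       # flags2: unicode, NT status codes, long names, ext. security
        0,            # PID high
        b"\x00" * 8,  # security features / signature
        0,            # reserved
        0,            # TID
        0xFEFF,       # PID low
        0,            # UID
        0,            # MID
    )


def build_negotiate_request() -> bytes:
    """NetBIOS session header + SMB1 header + negotiate body (WordCount 0)."""
    smb = (_smb1_header(SMB_COM_NEGOTIATE, 0x18)
           + struct.pack("<BH", 0, len(DIALECT))   # WordCount, ByteCount
           + DIALECT)
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def classify_response(data: bytes) -> str:
    """Classify the bytes received after sending build_negotiate_request()."""
    if len(data) < 8:
        return "no-smb-response"       # reset, closed or silent: SMB1 likely disabled
    smb = data[4:]                      # strip the 4-byte NetBIOS session header
    if smb[:4] == SMB2_MAGIC:
        return "smb2-only"              # server answered with SMB2, so no SMB1
    if smb[:4] != SMB1_MAGIC or len(smb) < 35:
        return "no-smb-response"
    command, flags = smb[4], smb[9]
    status = struct.unpack_from("<I", smb, 5)[0]
    if command != SMB_COM_NEGOTIATE or not flags & 0x80:
        return "unexpected-smb1-reply"
    if status != 0 or smb[32] == 0:     # error status or empty parameter block
        return "smb1-negotiate-failed"
    dialect_index = struct.unpack_from("<H", smb, 33)[0]
    return "smb1-dialect-rejected" if dialect_index == 0xFFFF else "smb1-enabled"


def probe(host: str, port: int = 445, timeout: float = 3.0) -> str:
    """Connect, send the negotiate request and classify whatever comes back."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(build_negotiate_request())
            try:
                data = sock.recv(4096)
            except socket.timeout:
                data = b""
    except OSError:
        return "no-smb-response"
    return classify_response(data)


def sample_negotiate_response(dialect_index: int) -> bytes:
    """Constructed SMB1 negotiate response (NT LM 0.12 layout) for offline
    testing. Not a capture from a real host."""
    words = struct.pack(
        "<HBHHIIIIqhB",
        dialect_index, 0x03,  # DialectIndex, SecurityMode (user level, challenge)
        50, 1,                # MaxMpxCount, MaxNumberVcs
        16644, 65536, 0,      # MaxBufferSize, MaxRawSize, SessionKey
        0x0080F3FD,           # Capabilities
        0, 0, 8,              # SystemTime, ServerTimeZone, ChallengeLength
    )
    smb = (_smb1_header(SMB_COM_NEGOTIATE, 0x98)
           + bytes([17]) + words           # WordCount 17 + parameter words
           + struct.pack("<H", 0))         # ByteCount 0
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(f"{target}: {probe(target)}")
```

A result of "smb1-enabled" means the host is exposed in the way EternalBlue requires, not that it is necessarily vulnerable: a machine patched with MS17-010 still negotiates SMBv1 unless the protocol has been disabled. Treat it as a prompt to confirm the patch level and, where nothing depends on SMBv1, to disable the protocol outright.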

Usage
It has been speculated that the NSA used EternalBlue to obtain kernel-level code execution on targeted computers by exploiting the SMBv1 flaw. With that level of control, the operators could install additional surveillance tools and backdoors such as DoublePulsar, a kernel-mode implant used to load further payloads, in order to maintain access to and control of the affected computer.

EternalBlue was one of the tools stolen by the Shadow Brokers hacking group and leaked to the public in April 2017. Attackers worldwide quickly incorporated it into their malware. The malware that made EternalBlue famous was the WannaCry ransomware of May 2017, which used the exploit to propagate to any reachable host with SMBv1 exposed and install itself without user interaction. The NotPetya outbreak in June 2017 also used EternalBlue as one of its methods of moving through a network, alongside stolen credentials, once it had a foothold.