Stolen NSA Tools Like EternalBlue Keep Corporate Networks at Risk
Shadow Brokers’ 2016 theft of NSA cyber tools keeps corporate cybersecurity at risk.
Why it matters: Legal and cybersecurity teams must understand persistent threats from leaked NSA tools to manage breach risks and compliance effectively.
- In 2016, the Shadow Brokers leaked NSA cyberweapons, including EternalBlue, which affects Windows systems.
- EternalBlue enabled 2017’s global WannaCry and NotPetya ransomware attacks, causing billions in damages.
- By 2019, about one million computers remained vulnerable to EternalBlue exploits, showing ongoing risk.
- In 2022, NSA, CISA, and FBI warned of sophisticated attacks using custom data exfiltration tools linked to these threats.
In August 2016, the hacking group known as the Shadow Brokers released cyberweapons stolen from the NSA’s Equation Group. Among these was EternalBlue, which targeted a set of vulnerabilities in Microsoft Windows that were unknown to the public at the time (zero-day vulnerabilities).
The leaked tools were quickly exploited in major cyberattacks. In May 2017, the WannaCry ransomware used EternalBlue to compromise over 300,000 computers across 150 countries, encrypting files and demanding ransom payments within hours. This attack demonstrated how the leaked NSA tools could rapidly spread and disrupt critical systems. (TechCrunch 2019)
Shortly after, the NotPetya attack in June 2017 also leveraged EternalBlue, causing an estimated $10 billion in damages worldwide by disabling thousands of systems. Security experts noted the attack’s scale and speed reflected the potency of these leaks. (TechCrunch 2019)
Despite Microsoft releasing patches, by May 2019 an estimated one million computers remained vulnerable to exploitation via EternalBlue, indicating ongoing challenges in securing all affected environments. The number reflects systems either unpatched or running unsupported software versions. (TechCrunch 2019)
In October 2022, the NSA, Cybersecurity and Infrastructure Security Agency (CISA), and FBI jointly warned about attackers using advanced custom data exfiltration tools against organizations in the Defense Industrial Base sector. These tools are believed to be related to the techniques exposed by the stolen NSA cyberweapons. (NSA Press Room 2022)
The Shadow Brokers’ current status remains unclear, but the consequences of their leak continue to influence cybersecurity risk and legal considerations. Corporate legal and cybersecurity teams should prioritize vulnerability management and understand how these exploits could affect breach liability and regulatory compliance.
By the numbers:
- 300,000 infected computers — WannaCry ransomware victims in 150 countries in 2017
- $10 billion — Estimated global damages caused by the NotPetya attack, which leveraged EternalBlue
- 1 million vulnerable computers — Estimated at risk from EternalBlue exploits as of May 2019