Criminal hacking groups have repurposed a second classified cyber weapon stolen from US spies and have made it available on the so-called dark web after the success of the WannaCry attack that swept across the globe on Friday.
The hacking tool, developed by the US National Security Agency and codenamed EsteemAudit, has been adapted and is now available for criminal use, according to security analysts.
As with the NSA’s EternalBlue, the tool on which WannaCry was based, EsteemAudit exploits a vulnerability in older versions of Microsoft’s Windows software in the way in which networked machines communicate with each other.
Microsoft issued patches for vulnerable versions of its Windows software over the weekend — though experts warn many organisations have yet to apply them.