Indexsinas, aka NSABuffMiner, has been lurking since 2019, researchers say. The self-propagating malware’s attack chain is complex and relies on former NSA cyberweapons: it uses the old Equation Group weapons arsenal, including the infamous EternalBlue and EternalRomance exploits for invading Windows SMB shares, as well as the DoublePulsar backdoor. According to researchers, the attack begins when a machine is breached using these NSA exploitation tools.
Source: https://threatpost.com/indexsinas-smb-worm-enterprises/167455/

