A year and a half after the known vulnerabilities of the NSA and used to carry out attacks ransomware or mining crypto-currencies around the world, its tools continue to infect millions of computers not yet updated.

As he collects TechCrunchAkamai, a cybersecurity firm, says hackers are now using the UPnProxy vulnerability. They penetrate local networks and affect unpatched computers. According to previous reports, this method was already used to infiltrate malicious traffic that could be used to conduct DDoS attacks, malware infections, or information dissemination. spam.

The difference is that until nowand, as far as we know, these devices they were protected by IP masking of his own routers:

"While it's unfortunate to see how UPnProxy is used to attack systems up to now protected by IP masking, it had to happen at some point."

At present, two of these NSA tools have been detected and used in this way: Eternal Blue, which acts as a backdoor on Windows computers and EternalRed, which affects Linux devices. Since Akamai has called this new attack EternalSilence, claiming that it already affects more than 45,000 devices, they recognize however that its reach is perhaps close to a million.

Both vulnerabilities have already been corrected, this new method simply tries access to computers that are not, more than a year later, always up-to-date. For equipment already affected, the software update may not be the definitive solution, if they have already entered it. Because of the difficulty in detecting these tools and although Disabling UPnP on our router might be enough, it would most likely "completely replace it".