A set of hacking tools allegedly created by the United States National Security Agency (NSA) that was leaked online in April reportedly enabled a massive hacking attack that compromised computers in at least 99 countries around the world in the last 24 hours, recent reports indicate. After a hacking collective known as Shadow Brokers released the NSA's software and accompanying documentation last month, the same set of tools was used for conducting a widespread attack on machines running Microsoft's Windows operating system. The attack itself was conducted using a revised version of a known ransomware strain "WannaCry" that exploits a specific Windows bug, security experts claim, adding that Taiwan, Ukraine, and Russia were among the hardest-hit targets of the attack. However, some cyber security experts in the West have previously connected Shadow Brokers to the Russian government, though the origin of the group hasn't been confirmed to this date.
The hacking attack that was allegedly enabled by NSA's tools crippled the systems of the British National Health Service (NHS) on Friday despite the fact that the vulnerability it exploited was reportedly patched by Microsoft in March, around a month before Shadow Brokers publicized the critical bug. However, many of the NHS-run systems reportedly weren't patched in a timely manner, just like other machines affected by the breach in all parts of the world. Regardless of the circumstances that led to the attack, some advocacy groups and individuals in the West used the latest turn of events as an opportunity to highlight what they deem are worrying cyber security practices employed by the NSA and other U.S. agencies who reportedly often hoard lists of vulnerabilities without disclosing them to technology companies due to the possibility that they may want to use them themselves at a later date. Even though the recently leaked set of the agency's tools and known vulnerabilities has been fixed by Microsoft by the time it was made public, lax updating practices among users still lead to significant issues; e.g. many of the NHS-owned systems were completely blocked by ransomware yesterday, demanding payment for providing access to patient records. While the exact consequences of the ordeal are still unclear, some medical professionals in the United Kingdom already said that the incident might have resulted in human casualties.
The NSA has yet to officially confirm that the tools employed by hackers on Friday were truly developed by the Fort Meade, Maryland-based federal agency. An update on the aftermath of the attack is expected to follow later this month.