For starters, when you research the malware in question, it is something called "RobinHood", which has been analyzed here.
Hmm. Don't see anything about ETERNALBLUE, do we? |
Generally what everyone uses for lateral movement is Active Directory. You can learn more about it from Microsoft Research themselves in this Infiltrate2015 talk! Because this is a design flaw, it's not something you can really patch.
A giant pile of wrong from the article because the authors don't know what they are talking about. |
First of all, "NOBUS" when used officially means only capabilities controlled by strong cryptography - exploits are never in that category. They are always a risk/reward calculation. Secondarily hackers had amazing exploits during the Cambrian explosion after the 1996 papers on buffer overflows came out. Here is a talk from Infiltrate2019 which covers a bit of the history.
I'm not sure what their UNNAMED BUT AMAZING sources said about ETERNALBLUE and the Baltimore ransomeware attack, but you have to apply a bit of basic cognition to the question and that particular exploit being used to do lateral movement for this ransomware is neither supported by any public facts, nor my own sources on the issue.
In addition, it is hard to say that ETERNALBLUE is anything other than the particular exploit leaked by the SHADOWBROKERS. Metasploit and many others have released combo-packs targeting many vulns fixed in that patch to provide more reliable exploits against many more target operating systems. Once a patch comes out, no matter who found the bug that led the patch, anyone can reverse engineer the patch to write an exploit. SO IT DOESN'T MATTER IF A BUG IS LEAKED/FOUND OR DISCOVERED INTERNALLY BY MICROSOFT IN TERMS OF RISK IF YOU HAVEN'T PATCHED TWO YEARS LATER. This is unfortunately a point that has to be made since Nicole and Scott started their bizarre and baseless ideological blame-game.
-----
EXTRAS:
For another well researched position on this, please see Rob Graham's piece here.