Most of the tools used by Chafer, including SMB hacking tools like EternalBlue, were stolen from the NSA and are freely available on the public internet.

The hacking group, dubbed OilRig by security researchers and believed to be tied to Iranian intelligence services, utilized a software flaw that allows attackers to execute a remote computer intrusion to take full control of a target device while leaving little or no trace, said Michael Gorelik, vice president of Israeli security firm Morphisec.