Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack.
[2] Unlike malware used by script kiddies to organize botnets, where the ownership, physical location, and normal role of the machines attacked is largely irrelevant, cyberweapons show high selectivity in either or both of their employment and their operation.
[3] Likewise, malware employed by fraudsters for the theft of personal or financial information demonstrates lower selectivity and wider distribution.
The following malware agents generally meet the criteria above, have been formally referred to in this manner by industry security experts, or have been described this way in government or military statements: Stuxnet was among the first and one of the most influential cyberweapons.
[13] Following the Stuxnet attacks, Iran used cyberweapons to target top American financial institutions, including the New York Stock Exchange.
[7] In 2017, data breaches showed that supposedly secure hacking tools used by government agencies can be obtained − and sometimes exposed − by third parties.
Furthermore, it was reported that after losing control of such tools the government appears to leave "exploits open to be re-used by scammers, criminals, or anyone else − for any purpose".
[15] Claudio Guarnieri, a technologist from Amnesty International states: "what we learn from the disclosures and leaks of the last months is that unknown vulnerabilities are maintained secret even after they've been clearly lost, and that is plain irresponsible and unacceptable".
[15] Also in that year WikiLeaks released the Vault 7 documents series that contain details of CIA exploits and tools with Julian Assange stating that they are working to "disarm" them before publication.
[8] When the Shadow Brokers publicly released EternalBlue, it was quickly used by North Korean and Russian hackers, who formed it into the ransomware WannaCry[5] and NotPetya,[6] respectively.