Chinese spies cloned U.S.’s cyber weapon and used it for years


Chinese spies cloned offensive cyber tool code developed by the U.S. National Security Agency and actively used it in their hacking operations, according to a report by Check Point Software Technologies.

The U.S. version of the tool was cloned by a Chinese-affiliated attack group labelled APT 31 or Zirconium in 2014, the report said.

The malware, dubbed “Jian”, was used until 2015, when the attack tool was caught and reported to Microsoft by Lockheed Martin’s Computer Incident Response Team, hinting at a possible attack against an American target. The vulnerability was patched in March 2017.

Researchers discovered that a Windows vulnerability that had been attributed to a Chinese attack group was based on a hacking tool, “EpMe”, created by the Equation Group, a security industry name for hackers that are part of the NSA. The Chinese hacker group built its own hacking tool, a replica of EpMe, in 2014.

“This means that a Chinese-affiliated group used an Equation Group exploit possibly against American targets,” Check Point said in a blog post.

Researchers noted that “Jian” was constructed from an actual sample of the Equation Group exploit. They speculate that the exploit samples could have been acquired by the Chinese group during an Equation Group network operation on a Chinese target.

Alternatively, the APT may have captured the samples either during an Equation Group operation on a third-party network that was also monitored by the Chinese APT, or during an attack on Equation Group infrastructure.
