China hijacked NSA hacking tool to attack US citizens

Sentinel Digital Desk

NEW DELHI: In a daring incident, Chinese cybercriminals managed to steal, clone and use nation-grade cyber tools from none other than the US National Security Agency (NSA) to attack US targets. The tool, called "Jian", was actually a clone of software developed by the NSA's Equation Group, described as "one of the most sophisticated cyberattack groups in the world", according to a report by Check Point Research.

"The caught-in-the-wild exploit of CVE-2017-0005, a 0-Day attributed by Microsoft to the Chinese APT31 (Zirconium), is in fact a replica of an Equation Group exploit code-named EpMe," the researchers said.

Chinese bad actors had access to EpMe's files, in both their 32-bit and 64-bit versions, more than two years before the infamous Shadow Brokers leak. In the Shadow Brokers leak, a mysterious group decided to publish a wide range of cyber weapons allegedly developed by the Tailored Access Operations (TAO) unit of the NSA, also referred to as the 'Equation Group'.

The Shadow Brokers leak led to some of the biggest cyber outbreaks in history, the most famous of which was the WannaCry attack, which caused hundreds of millions of dollars in damages to organisations across the globe and whose implications are still relevant even three years after it happened.

According to the researchers, Jian, which is a clone of "EpMe" and was also included in the Shadow Brokers leak, has been "repurposed" by Chinese threat actors to attack US targets.

"Cyber weapons are digital and volatile by nature. Stealing them and transferring from one continent to another can be as simple as sending an email. They are also very obscure, and their mere existence is a closely guarded secret," said Check Point researchers in a statement on Monday. The APT31 exploit was reported to Microsoft by Lockheed Martin's Computer Incident Response Team, hinting at a possible attack against an American target.

A Lockheed Martin spokesperson told ZDNet that their cybersecurity team routinely evaluates third-party software and technologies to identify vulnerabilities and responsibly reports them to developers and other interested parties. (IANS)