More than four years after a mysterious group of hackers known as the Shadow Brokers began wantonly leaking secret NSA hacking tools onto the internet, the question that debacle raised—whether any intelligence agency can prevent its "zero-day" stockpile from falling into the wrong hands—still haunts the security community. That wound has now been reopened, with evidence that Chinese hackers obtained and reused another NSA hacking tool years before the Shadow Brokers brought it to light.
On Monday, the security firm Check Point revealed that it had discovered evidence that a Chinese group known as APT31, also known as Zirconium or Judgment Panda, had somehow gained access to and used a Windows-hacking tool known as EpMe created by the Equation Group, a security industry name for the highly sophisticated hackers widely understood to be a part of the NSA. According to Check Point, the Chinese group in 2014 built their own hacking tool from EpMe code that dated back to 2013. The Chinese hackers then used that tool, which Check Point has named "Jian" or "double-edged sword," from 2015 until March 2017, when Microsoft patched the vulnerability it attacked. That would mean APT31 had access to the tool, a "privilege escalation" exploit that would allow a hacker who already had a foothold in a victim network to gain deeper access, long before the late 2016 and early 2017 Shadow Brokers leaks.
Only in early 2017 did Lockheed Martin discover China’s use of the hacking technique. Because Lockheed has largely US customers, Check Point speculates that the hijacked hacking tool may have been used against Americans. "We found conclusive evidence that one of the exploits that t ..
Support the originator by clicking the read the rest link below.
