What has been discovered?
The EpMe exploit was originally created by Equation Group (NSA's Tailored Access Operations unit) in 2013. APT31 (aka Zirconium) built its own exploit dubbed Jian, by replicating the functionality of the EpMe exploit.
APT31 hackers apparently captured 32-bit and 64-bit samples of the Equation Group's EpMe exploit in 2014 to create the Jian exploit.
This exploit, alongside other hacking tools, takes advantage of the Windows zero-day bug tracked as CVE-2017-2005.
The abuse of this vulnerability by Jian was first discovered by Lockheed Martin’s IRT when an exploit sample was spotted running in the wild. Later, it was shared with Microsoft.
A brief about the exploit
EpMe is based on the bug CVE-2017-2005, a local privilege escalation bug that affects devices running Windows XP up to Windows 8.
This vulnerability allows user privileges escalation after gaining access to targeted devices.
Microsoft patched this security bug in March 2017.
How did APT31 get access to the EpMe exploit?
According to Check Point, the attackers could have obtained access to the exploit sample in one of the following ways:
They could have captured it when Equation Group ran a network operation on a Chinese target.
It could happen when Equation Group was working on an operation ..
Support the originator by clicking the read the rest link below.
