Security News > 2021 > February > Chinese hackers used NSA exploit years before Shadow Brokers leak
Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017.
"To our surprise, we found out that this APT31 exploit is in fact a reconstructed version of an Equation Group exploit called 'EpMe'," Check Point said.
This was made possible after the Chinese state hackers captured 32-bit and 64-bit samples of the Equation Group's EpMe exploit.
Once replicated, the zero-day exploit was used by APT31 alongside other hacking tools in their arsenal, including the group's multi-staged packer.
As Check Point says, the APT31 operators could get their hands on the exploit samples themselves in all of their supported versions since Jian was assembled using the 32-bits and 64-bits versions of Equation Group's exploit.
Captured during an Equation Group operation on a 3rd-party network which was also monitored by the Chinese APT. Captured by the Chinese APT during an attack on Equation Group infrastructure.
News URL
Related news
- Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (source)
- Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Hackers leak configs and VPN credentials for 15,000 FortiGate devices (source)
- US sanctions Chinese firm, hacker behind telecom and Treasury hacks (source)
- Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet (source)
- Hackers exploit 16 zero-days on first day of Pwn2Own Automotive 2025 (source)
- Trump 'waved a white flag to Chinese hackers' as Homeland Security axed cyber advisory boards (source)
- Hackers exploit critical unpatched flaw in Zyxel CPE devices (source)
- Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware (source)