Security News > 2021 > February > Chinese hackers used NSA exploit years before Shadow Brokers leak
Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017.
"To our surprise, we found out that this APT31 exploit is in fact a reconstructed version of an Equation Group exploit called 'EpMe'," Check Point said.
This was made possible after the Chinese state hackers captured 32-bit and 64-bit samples of the Equation Group's EpMe exploit.
Once replicated, the zero-day exploit was used by APT31 alongside other hacking tools in their arsenal, including the group's multi-staged packer.
As Check Point says, the APT31 operators could get their hands on the exploit samples themselves in all of their supported versions since Jian was assembled using the 32-bits and 64-bits versions of Equation Group's exploit.
Captured during an Equation Group operation on a 3rd-party network which was also monitored by the Chinese APT. Captured by the Chinese APT during an attack on Equation Group infrastructure.
News URL
Related news
- Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (source)
- Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Hackers leak 2.7 billion data records with Social Security numbers (source)
- Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (source)
- Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (source)
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs (source)
- Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors (source)
- US offers $2.5 million reward for hacker linked to Angler Exploit Kit (source)