Security News > 2021 > February > The perils of non-disclosure? China 'cloned and used' NSA zero-day exploit for years before it was made public

A zero-day exploit said to have been developed by the NSA was cloned and used by Chinese government hackers on Windows systems years before the cyber-weapon was leaked online, it is claimed.

Check Point put out a report on Monday digging into Chinese malware it calls Jian, and argues persuasively this particular software nasty was spawned sometime around 2014 from NSA exploit code that eventually leaked online in 2017.

2013: NSA's Equation Group developed a set of exploits including one called EpMe that elevates one's privileges on a vulnerable Windows system to system-administrator level, granting full control.

Mid 2017: Microsoft quietly fixed the vulnerability exploited by the leaked EpMo exploit.

It could be that Beijing obtained a copy of Equation Group's EpMe, or observed it being used and recreated it, and used it while the hole in Microsoft's Windows remained unfixed.

The Shadow Brokers were also responsible for leaking the Eternal series of exploits that were later used to spread software nasties, such as the Wannacry ransomware and NotPetya malware.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/02/23/microsoft_chinese_nsa/