The perils of non-disclosure? China 'cloned and used' NSA zero-day exploit for years before it was made public
A zero-day exploit said to have been developed by the NSA was cloned and used by Chinese government hackers on Windows systems years before the cyber-weapon was leaked online, it is claimed.
Check Point put out a report on Monday digging into Chinese malware it calls Jian, and argues persuasively this particular software nasty was spawned sometime around 2014 from NSA exploit code that eventually leaked online in 2017.
2013: NSA's Equation Group developed a set of exploits including one called EpMe that elevates one's privileges on a vulnerable Windows system to system-administrator level, granting full control.
Mid 2017: Microsoft quietly fixed the vulnerability exploited by the leaked EpMo exploit.
It could be that Beijing obtained a copy of Equation Group's EpMe, or observed it being used and recreated it, and used it while the hole in Microsoft's Windows remained unfixed.
The Shadow Brokers were also responsible for leaking the Eternal series of exploits that were later used to spread software nasties, such as the Wannacry ransomware and NotPetya malware.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/02/23/microsoft_chinese_nsa/