Chinese Hackers Had Access to a U.S. Hacking Tool Years Before It Was Leaked Online (Security News, February 2021)
On August 13, 2016, a hacking unit calling itself "The Shadow Brokers" announced that it had stolen malware tools and exploits used by the Equation Group, a sophisticated threat actor believed to be affiliated with the Tailored Access Operations unit of the U.S. National Security Agency.
"The caught-in-the-wild exploit of CVE-2017-0005, a zero-day attributed by Microsoft to the Chinese APT31, is in fact a replica of an Equation Group exploit codenamed 'EpMe,'" Check Point researchers Eyal Itkin and Itay Cohen said.
DanderSpritz was among the several exploit tools leaked by the Shadow Brokers on April 14, 2017, under a dispatch titled "Lost in Translation." The leak is best known for publishing the EternalBlue exploit that would later power the WannaCry and NotPetya ransomware infections, which caused tens of billions of dollars' worth of damage in over 65 countries.
Check Point's findings are not the first time Chinese hackers have purportedly hijacked NSA's arsenal of exploits.
In May 2019, Broadcom's Symantec reported that a Chinese hacking group called APT3 also had repurposed an NSA-linked backdoor to infiltrate telecom, media, and manufacturing sectors.
"The mere fact that an entire exploitation module, containing four different exploits, was just lying around unnoticed for four years on GitHub, teaches us about the enormity of the leak around Equation Group tools."
News URL: http://feedproxy.google.com/~r/TheHackersNews/~3/cBTKbRgGhns/chinese-hackers-had-access-to-us.html
Related news
- Chinese hackers hide on military and govt networks for 6 years
- Researchers Warn of Chinese-Aligned Hackers Targeting South China Sea Countries
- Chinese hacking groups team up in cyber espionage campaign
- Chinese hackers breached 20,000 FortiGate systems worldwide
- 20,000 FortiGate appliances compromised by Chinese hackers
- Microsoft bigwig says the Feds catching Chinese spies in Exchange Online is the cloud working as intended
- Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign
- Chinese and N. Korean Hackers Target Global Infrastructure with Ransomware
- Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware
Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-17 | CVE-2017-0005 | Unspecified vulnerability in Microsoft products: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application, aka "Windows GDI Elevation of Privilege Vulnerability." This vulnerability is different from those described in CVE-2017-0001, CVE-2017-0025, and CVE-2017-0047. | 7.8 |