Chinese Hackers Stole an NSA Windows Exploit in 2014 (Security News, March 2021)
Check Point has evidence that Chinese hackers stole and cloned an NSA Windows hacking tool years before Russian hackers stole and then published the same tool.
2013: NSA's Equation Group developed a set of exploits including one called EpMe that elevates one's privileges on a vulnerable Windows system to system-administrator level, granting full control.
2014-2015: China's hacking team code-named APT31, aka Zirconium, developed Jian by, one way or another, cloning EpMe.
Early 2017: The Equation Group's tools were teased and then leaked online by a team calling itself the Shadow Brokers.
Around that time, Microsoft cancelled its February Patch Tuesday, identified the vulnerability exploited by EpMe, and fixed it in a bumper March update.
Mid 2017: Microsoft quietly fixed the vulnerability exploited by the leaked EpMo exploit.