Security News > 2021 > March > Chinese Hackers Stole an NSA Windows Exploit in 2014
Check Point has evidence that Chinese hackers stole and cloned an NSA Windows hacking tool years before Russian hackers stole and then published the same tool.
2013: NSA's Equation Group developed a set of exploits including one called EpMe that elevates one's privileges on a vulnerable Windows system to system-administrator level, granting full control.
2014-2015: China's hacking team code-named APT31, aka Zirconium, developed Jian by, one way or another, cloning EpMe.
Early 2017: The Equation Group's tools were teased and then leaked online by a team calling itself the Shadow Brokers.
Around that time, Microsoft cancelled its February Patch Tuesday, identified the vulnerability exploited by EpMe, and fixed it in a bumper March update.
Mid 2017: Microsoft quietly fixed the vulnerability exploited by the leaked EpMo exploit.
News URL
Related news
- Hackers use PHP exploit to backdoor Windows systems with new malware (source)
- Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (source)
- Chinese Hackers Exploit Visual Studio Code in Southeast Asian Cyberattacks (source)
- Chinese Hackers Exploit GeoServer Flaw to Target APAC Nations with EAGLEDOOR Malware (source)
- Windows driver zero-day exploited by Lazarus hackers to install rootkit (source)
- Blind Eagle Hackers Exploit Spear-Phishing to Deploy RATs in Latin America (source)
- Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor (source)
- 0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193) (source)
- Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs (source)
- Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors (source)