Security News > 2021 > March > Chinese Hackers Stole an NSA Windows Exploit in 2014
Check Point has evidence that Chinese hackers stole and cloned an NSA Windows hacking tool years before Russian hackers stole and then published the same tool.
2013: NSA's Equation Group developed a set of exploits including one called EpMe that elevates one's privileges on a vulnerable Windows system to system-administrator level, granting full control.
2014-2015: China's hacking team code-named APT31, aka Zirconium, developed Jian by, one way or another, cloning EpMe.
Early 2017: The Equation Group's tools were teased and then leaked online by a team calling itself the Shadow Brokers.
Around that time, Microsoft cancelled its February Patch Tuesday, identified the vulnerability exploited by EpMe, and fixed it in a bumper March update.
Mid 2017: Microsoft quietly fixed the vulnerability exploited by the leaked EpMo exploit.