Chinese hackers used NSA code to attack American targets

0
25
A Chinese group "cloned" code stolen from the National Security Agency years before a security flaw was fixed, researchers said this week. (AP Photo/Patrick Semansky, File)


A Chinese group “cloned” code stolen from the National Security Agency years before a security flaw was fixed, researchers said this week.

The Chinese group, identified as APT31, used the so-called exploit, along with other hacking tools to stage attacks, Check Point, an IT security firm, said in a research note. Generally an APT, or Advanced Persistent Threat, is associated with nation-state cyber activity.

“Check Point Research has determined that Chinese hackers cloned and actively used the cyber offensive tool of a US-based hacking group [that] is believed to be tied to the NSA,” a Check Point spokesperson said to Fox News in a statement.

“And it not only got into [Chinese] hands, but they repurposed it and used it, likely against US targets,” the spokesperson said.

A Chinese group “cloned” code stolen from the National Security Agency years before a security flaw was fixed, researchers said this week. (AP Photo/Patrick Semansky, File)
(AP)

ROMANCE SCAMS RAKED IN HUNDREDS OF MILLIONS IN 2020

Fox News has reached out to the NSA and the Chinese Embassy for comment.

The hacking tool that the Chinese used, called Jian, was a “replica” of EpMe, which is a Windows tool used for hacking and is associated with the Equation Group, a name given to a hacker group that is part of the NSA, according to Check Point.

That group was described by cybersecurity firm Kaspersky in 2015 as “one of the most sophisticated cyberattack groups in the world.”

The Chinese group, identified as APT31, used the so-called exploit, along with other hacking tools to stage attacks, Check Point, an IT security firm, said in a research note.

The Chinese group, identified as APT31, used the so-called exploit, along with other hacking tools to stage attacks, Check Point, an IT security firm, said in a research note.
(REUTERS/Kim Kyung-Hoon)

5 WAYS TO A STRONG PASSWORD AND BETTER PERSONAL CYBERSECURITY

The replicated software was used between 2014 and 2017. The flaw, or vulnerability, wasn’t fixed until 2017, Check Point said.

Essentially, it would allow hackers to gain access to Microsoft networks at highly privileged levels, meaning they could gain deep access to networks.

The vulnerability was first caught by Lockheed Martin’s Incident Response team and then detailed by Microsoft in 2017, Check Point said.

That group was described by cybersecurity firm Kaspersky in 2015 as "one of the most sophisticated cyberattack groups in the world." (iStock)

That group was described by cybersecurity firm Kaspersky in 2015 as “one of the most sophisticated cyberattack groups in the world.” (iStock)

CLICK HERE TO GET THE FOX NEWS APP

“An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” Microsoft said in its Executive Summary of the flaw.

The 2017 Microsoft update addressed the vulnerability by “preventing instances of unintended user-mode privilege elevation.”

Happened Before

This is not the first time something like this has happened. Chinese hackers took advantage of NSA hacking tools EternalBlue and EternalRomance, as reported by cybersecurity firm Symantec in 2018.

In this case, “the consensus among our group of security researchers as well as in Symantec was that the Chinese exploit was reconstructed from captured network traffic,” Check Point said. 



Source link

LEAVE A REPLY

Please enter your comment!
Please enter your name here