Chinese hackers cloned a Windows security flaw stolen from the NSA

Hacker
(Image credit: TheDigitalArtist / Pixabay)

The investigation into a malware tool being used by Chinese hackers has revealed it to be a copy of software reportedly originally developed by part of the US National Security Agency (NSA).

Security researchers at Check Point Research (CPR) originally thought the tool dubbed Jian was custom built by Chinese threat actors. However further CPR digging revealed that it is a clone of the EpMe software, which was used by the Equation Group, which has long been suspected to operate on the behest of the NSA.

According to ZDNet, CPR notes that "the tool is used after an attacker gains initial access to a target computer -- say, via zero-click vulnerability, phishing email, or any other option -- to give the attacker the highest available privileges, so they could "roam free" and do whatever they like on the already infected computer."

Leaked and repurposed

Both Jian and EpMe exploit the Windows privilege escalation vulnerability tracked as CVE-2017-005. Researchers add that the tools exploited the vulnerability between 2014 and 2017, before it was finally patched by Microsoft.  

While originally thought to be custom built by a Chinese advanced persistent threat group (APT) called APT31, also known as Zirconium, the researchers now believe the tool was part of a series of leaks by the Shadow Brokers group in 2017. It was then "repurposed" to attack US citizens.  

Interestingly, it is reported that this is not the only example of a Chinese APT stealing and repurposing tools originally developed by the NSA. In another case documented by Symantec back in 2019, threat actors known as Buckeye were also found to be using tools developed by the Equation Group, prior to the Shadow Brokers leak.  

Via: ZDNet

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Latest in Security
Data Breach
Thousands of healthcare records exposed online, including private patient information
China
Juniper patches security flaws which could have let hackers take over your router
Representational image depecting cybersecurity protection
GitLab has patched a host of worrying security issues
Ai tech, businessman show virtual graphic Global Internet connect Chatgpt Chat with AI, Artificial Intelligence.
AI agents can be hijacked to write and send phishing attacks
China
Volt Typhoon threat group had access to American utility networks for the best part of a year
Abstract image of cyber security in action.
MassJacker malware targets those looking for pirated software
Latest in News
A super close up image of the Google Gemini app in the Play Store
It's official: Google Assistant will be retired for phones this year, with Gemini taking over
Quordle on a smartphone held in a hand
Quordle hints and answers for Sunday, March 16 (game #1147)
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Sunday, March 16 (game #378)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Sunday, March 16 (game #644)
Three iPhone 16 handsets on show
Apple could launch an iPhone 17 Ultra this year – but we've heard these rumors before
Super Mario Odyssey
ChatGPT is the ultimate gaming tool - here's 4 ways you can use AI to help with your next playthrough