Chinese cyberattackers copied tools linked to the National Security Agency and sought to hack Americans, according to cybersecurity analysts.
The analysts at cybersecurity firm Check Point said the China-backed APT31, also known as Zirconium, made “Jian” in 2014 as a replica of an exploit originally attributed to hackers linked to the NSA. An exploit is a hack that leverages a security hole or flaw, as opposed to a hack that requires installing malware.
“The exploit was replicated by the APT during 2014 to form ‘Jian’ and used since at least 2015, until finally caught and patched in March 2017,” wrote Eyal Itkin and Itay Cohen, Check Point researchers, in their report. They said the security flaw was reported to Microsoft by Lockheed Martin’s Computer Incident Response Team, which hinted at a possible attack against a U.S. target.
The flaw was found on a U.S.-based third-party network and not on Lockheed Martin’s network or its supply chain, according to a source familiar with Lockheed Martin’s research.
Cybersecurity professionals are mum on who the Chinese sought to hack.
The report notes that the “Jian” hack is not the only time cybersecurity researchers have found Chinese hackers repurposing tools believed to have been developed by the NSA.
Lockheed Martin has routinely alerted web developers and others to zero-day vulnerabilities, meaning previously unknown flaws in software that hackers can attack. Lockheed Martin spokesman John Torrisi said his team has reported more than 100 zero-day vulnerabilities to multiple vendors in the last six years.
The revelation that U.S.-made tools were used by U.S. adversaries comes as the Senate prepares to hold a hearing Tuesday to investigate how hackers breached federal networks via the computer network management software SolarWinds.
SolarWinds hackers compromised nine federal agencies and about 100 companies, while 18,000 total public- and private-sector entities were exposed to the hack, said Anne Neuberger, deputy national security adviser for cyber and emerging technology.
SolarWinds CEO Sudhakar Ramakrishna is scheduled to testify before the Senate Select Committee on Intelligence alongside Microsoft President Brad Smith and representatives from the cybersecurity firms CrowdStrike and FireEye.
The Democratic leadership of the Senate intelligence committee prioritized the hearing ahead of nomination hearings on President Biden’s pick to lead the CIA, which are scheduled for later this week.
The federal government has identified Russia as likely behind the SolarWinds breach. There is no publicly known connection between the likely Russian hackers breaching SolarWinds and the Chinese hackers copying America’s offensive cyber tools.
The U.S. government is still developing its response to the SolarWinds breach, which was made public last year. Ms. Neuberger, who is leading the federal government’s response to the hack, said last week that the U.S. government was considering using its allies and partners in whatever response it chooses.
Jake Sullivan, Mr. Biden’s national security adviser, told CNN last week that the federal government’s “first steps” in response to the SolarWinds hack would come “weeks from now” instead of several months away.
Congress is responding to the cybersecurity failures afflicting the federal government by establishing new subcommittees to better address cyber issues. House Democrats put Rep. Jim Langevin, Rhode Island Democrat, in charge of a new cyber and artificial intelligence subcommittee within the House Armed Services Committee. The Senate Commerce, Science and Transportation Committee said last week that Sen. Richard Blumenthal, Connecticut Democrat, would head a subcommittee focused on data security alongside his Republican counterpart, Sen. Marsha Blackburn of Tennessee.
Mr. Biden has pushed for $9 billion in new cybersecurity spending as part of his $1.9 trillion coronavirus relief package.
• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.