Expand / Collapse search
Watch TV
Menu

This material may not be published, broadcast, rewritten, or redistributed. ©2024 FOX News Network, LLC. All rights reserved. Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset. Powered and implemented by FactSet Digital Solutions. Legal Statement. Mutual Fund and ETF data provided by Refinitiv Lipper.

Cybercrime

Chinese hackers used NSA code to attack American targets

NSA code stolen years ago, researchers said

By Brooke Crothers Fox News
Published
close
Fox News Flash top headlines for February 27 Video

Fox News Flash top headlines for February 27

Fox News Flash top headlines are here. Check out what's clicking on Foxnews.com.

A Chinese group "cloned" code stolen from the National Security Agency years before a security flaw was fixed, researchers said this week.

The Chinese group, identified as APT31, used the so-called exploit, along with other hacking tools to stage attacks, Check Point, an IT security firm, said in a research note. Generally an APT, or Advanced Persistent Threat, is associated with nation-state cyber activity.

"Check Point Research has determined that Chinese hackers cloned and actively used the cyber offensive tool of a US-based hacking group [that] is believed to be tied to the NSA," a Check Point spokesperson said to Fox News in a statement.

"And it not only got into [Chinese] hands, but they repurposed it and used it, likely against US targets," the spokesperson said.

A Chinese group "cloned" code stolen from the National Security Agency years before a security flaw was fixed, researchers said this week. (AP Photo/Patrick Semansky, File) (AP)

ROMANCE SCAMS RAKED IN HUNDREDS OF MILLIONS IN 2020

Fox News has reached out to the NSA and the Chinese Embassy for comment.

The hacking tool that the Chinese used, called Jian, was a "replica" of EpMe, which is a Windows tool used for hacking and is associated with the Equation Group, a name given to a hacker group that is part of the NSA, according to Check Point.

That group was described by cybersecurity firm Kaspersky in 2015 as "one of the most sophisticated cyberattack groups in the world."

The Chinese group, identified as APT31, used the so-called exploit, along with other hacking tools to stage attacks, Check Point, an IT security firm, said in a research note. (REUTERS/Kim Kyung-Hoon)

5 WAYS TO A STRONG PASSWORD AND BETTER PERSONAL CYBERSECURITY

The replicated software was used between 2014 and 2017. The flaw, or vulnerability, wasn’t fixed until 2017, Check Point said.

Essentially, it would allow hackers to gain access to Microsoft networks at highly privileged levels, meaning they could gain deep access to networks.

The vulnerability was first caught by Lockheed Martin’s Incident Response team and then detailed by Microsoft in 2017, Check Point said.

That group was described by cybersecurity firm Kaspersky in 2015 as "one of the most sophisticated cyberattack groups in the world." (iStock)

CLICK HERE TO GET THE FOX NEWS APP

"An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights," Microsoft said in its Executive Summary of the flaw.

The 2017 Microsoft update addressed the vulnerability by "preventing instances of unintended user-mode privilege elevation."

Happened Before

This is not the first time something like this has happened. Chinese hackers took advantage of NSA hacking tools EternalBlue and EternalRomance, as reported by cybersecurity firm Symantec in 2018.

In this case, "the consensus among our group of security researchers as well as in Symantec was that the Chinese exploit was reconstructed from captured network traffic," Check Point said.