New research has found evidence that a Chinese-affiliated threat group (APT31) has hijacked a hacking tool previously used by the Equation Group (which has been tied to the U.S. National Security Agency, or NSA).

The tool in question, dubbed “Jian,” is used to exploit a local privilege-escalation (LPE) flaw in Windows, known as CVE-2017-0005. The exploit was previously discovered and linked to APT31. However, new research by Check Point Research, released Monday, found that APT31 had actually stolen – and copied – the exploit from the Equation Group. In another twist, researchers say the exploit was in use by APT31 in 2014, years before the ShadowBrokers leak in 2017, which exposed a cache of exploits that belonged to the Equation Group.

“Although we don’t show any conclusive evidence that there is any connection between China and the ShadowBrokers, we do show conclusive evidence that this Chinese group had in their possession a tool that was made by Equation Group, and not only that they had this tool, but they also repurposed it and used it, probably to attack many targets, including American targets,” Yaniv Balmas, head of cyber research with Check Point Software, said.

Balmas, along with Oded Vanunu, the head of products vulnerability research with Check Point Software, talks on this week’s Threatpost podcast about the new discoveries around the NSA-linked exploit tools, as well as the implications of the…
