New research has found evidence that a Chinese-affiliated threat group (APT31) has hijacked a hacking tool previously used by the Equation Group (which has been tied to the U.S. National Security Agency, or NSA).

The tool in question, dubbed “Jian,” is used to exploit a local privilege-escalation (LPE) flaw in Windows, known as CVE-2017-0005. The exploit was previously discovered and linked to APT31. However, new research by Check Point Research, released Monday, found that APT31 had actually stolen – and copied – the exploit from the Equation Group. In another twist, researchers say the exploit was in use by APT31 in 2014, years before the ShadowBrokers leak in 2017, which exposed a cache of exploits that belonged to the Equation Group.

“Although we don’t show any conclusive evidence that there is any connection between China and the ShadowBrokers, we do show conclusive evidence that this Chinese group had in their possession a tool that was made by Equation Group, and not only that they had this tool, but they also repurposed it and used it, probably to attack many targets, including American targets,” Yaniv Balmas, head of cyber research with Check Point Software, said.

Balmas, along with Oded Vanunu, the head of products vulnerability research with Check Point Software, talks on this week’s Threatpost podcast about the new discoveries around the NSA-linked exploit tools, as well as the implications of the…
Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report (govanguard, 2021-02-22 16:07:00)