Chinese hackers have been using the NSA's EpMe tool to attack Windows devices for years.
This was reported by Check Point. The report also raises the concern that if the tools used by agencies such as the NSA are stolen and reused, no network will be safe any more. The other point is that this has already happened.
Shadow Brokers and WannaCry attack
Some time ago, a group of hackers called the Shadow Brokers published advanced hacking tools. They allegedly came from the resources of the NSA (National Security Agency) and its TAO (Tailored Access Operations) unit.
Thanks to these tools, many cybercriminal groups launched attacks on corporate and government agency networks around the world. One of the most famous was the WannaCry malware attack. Within a few days, the malicious code hit 250,000 computers and 150,000 smartphones. According to various sources, some of its consequences are still being felt today.
APT31, Zirconium, Judgment Panda
Check Point has uncovered evidence that a group of hackers has had access to a tool called EpMe. It was designed to break into Windows systems, and it is attributed to programmers associated with the NSA.
The group that allegedly had access to this very dangerous tool goes by several names, the most common being APT31, Zirconium and Judgment Panda.
Check Point claims that this Chinese cybercriminal group developed its own software based on the stolen code and has been using it since 2014! The vulnerability, which the hackers could exploit almost without hindrance, was only fixed in 2017. Before that, the attackers could install almost any code on the computers they selected.
Lockheed Martin's discovery
In 2017, it was revealed that malicious code had been detected on Windows computers used by Lockheed Martin, which was immediately reported to Microsoft. An investigation was launched because the American companies that Lockheed Martin worked with were also at risk.
"We found irrefutable evidence that one of the vulnerabilities disclosed by Shadow Brokers had somehow fallen into the hands of Chinese hackers. And not only did they get it, they changed its purpose and used it, possibly against American targets. When we got the results, we were shocked," said Yaniv Balmas, Head of Cyber Research at Check Point.
Check Point claims the hackers used the NSA software, but not all of it. Some parts of the code may have been copied directly and some may have been modified. It also seems that they did not fully understand how the captured software worked.
Dissenting opinion on the NSA tool
However, there are experts who dispute these claims. They speculate that the Chinese hackers reverse-engineered the NSA malicious code after discovering it on Chinese networks: they analysed it in depth and reused some of its elements in their own tools. They also link the group's activities to the tools that the Shadow Brokers revealed.
However, it is worth noting that the public disclosure of those tools occurred much later than the activity of the Chinese group.
It should also be emphasised that since 2017, Windows systems have been protected from attacks that exploit the above vulnerabilities. Unfortunately, this is no consolation for companies and institutions that had been running Microsoft operating systems for a long time before that.