Chinese hackers cloned NSA attack tool to target Microsoft OS | SC Media
Strategy, Threat intelligence, Threats, Malware

Chinese hackers cloned NSA attack tool to target Microsoft OS

February 22, 2021

Check Point Research revealed that Chinese hackers created “Jian,” an attack tool that was designed to exploit a zero-day vulnerability in Microsoft’s operating systems from Windows XP to Windows 8, by cloning software developed by the U.S. National Security Agency, ZDNet reports.

Analysts once theorized that Jian was developed by APT31, a Chinese advanced persistent threat group also known as Zirconium. Check Point says Jian was being used in attacks between 2014 and 2017, until the hacking group Shadow Brokers released EpMe to the public in 2017 along with a number of tools and files that belonged to the NSA's Equation Group. Microsoft patched the CVE-2017-0005 vulnerability that same year.

The cybersecurity researchers theorized that APT31 may have acquired and repurposed EpMe either when the Equation Group attacked a Chinese target, after an attack by APT31 on Equation Group systems, or while Equation Group was active in a network also being monitored by APT31.

Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.

prestitial ad