Check Point revealed that Chinese hackers created “Jian,” an attack tool designed to exploit a zero-day vulnerability in Microsoft’s operating systems from Windows XP to Windows 8, by cloning “EpMe,” software developed by the Equation Group, a highly sophisticated threat group linked to the US National Security Agency, ZDNet reports.
Analysts once theorized that Jian was developed by APT31, a Chinese advanced persistent threat group also known as Zirconium. Check Point says Jian was being used in attacks between 2014 and 2017, until the hacking group Shadow Brokers released EpMe to the public in 2017 along with a number of tools and files that belonged to the Equation Group, and Microsoft patched the CVE-2017-0005 vulnerability that same year.
The cybersecurity researchers theorized that APT31 may have acquired and repurposed EpMe either when the Equation Group attacked a Chinese target, after an attack by APT31 on Equation Group systems, or while Equation Group was active in a network also being monitored by APT31.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.