Study says Chinese Communist hackers used U.S. National Security Agency code to develop cyber attack tools

Chinese Communist spies used exploit code developed by the Equation Group, a hacking group linked to the U.S. National Security Agency (NSA), to support their own hacking operations, an Israeli research firm said Monday (Feb. 22).

In a research report, Check Point, a leading global cybersecurity firm based in Israel, said that some features of the malware “Jian”, used by the Chinese Communist hacking group APT31 (APT stands for Advanced Persistent Threat), are the same as those of “EpMe”, an Equation Group tool from 2017.

Reuters reported that Check Point’s research director Yaniv Balmas said “Jian” is “a copycat, a Chinese replica.”

Web technology news site ZDNet quoted Check Point as saying that both APT31’s “Jian” and the Equation Group’s “EpMe” are designed to elevate an attacker’s privileges in the local Microsoft Windows environment. This kind of tool is used after the attacker has already gained initial access to the target computer (for example, through a phishing email or some other means); it grants the attacker the highest available privileges so they can “roam free” and do whatever they want on the already infected computer.

The Check Point study mentions that the Chinese group may have captured the code when the Equation Group attacked a Chinese target, or may have captured it when APT31 itself attacked the Equation Group’s infrastructure.

The study also mentions that APT31 used “Jian” to conduct cyber attacks between 2015 and March 2017, when Microsoft patched the vulnerabilities it exploited.

This does not appear to be the only example of the Chinese Communist Party stealing and adapting Equation Group tools for its own use. Symantec, the world’s leading cybersecurity company, reported in 2019 that the Chinese hacking group APT3 used Equation Group hacking tools to conduct attacks in 2016.

In 2017, the NSA was hit hard when a hacking group calling itself the Shadow Brokers posted online hacking tools it claimed came from the Equation Group. The tools that were made public had a major impact on global cybersecurity, including the WannaCry cyberattack that rocked the world.