Prince, a member of China’s Red Hacker Alliance who declined to give his real name, uses a computer at his office in Dongguan, Guangdong province, Aug. 4, 2020.
Wired magazine recently revealed in a report that there is evidence that the Chinese Communist Party had acquired, as early as 2014, a hacking tool linked to the U.S. National Security Agency (NSA) and put it to use. There is therefore speculation that the Chinese Communist Party used this hacking tool against Americans.
Wired magazine, which focuses on the cultural, economic and political impact of technology, published an article in late February reporting that the Israeli cybersecurity firm Check Point had discovered that a Chinese Communist hacking group called APT31 had somehow acquired and used a hacking tool created by another hacking group. That Windows hacking tool, “EpMe,” was created by the Equation Group, which many believe to be an agency operating under the NSA.
According to Check Point, the Chinese hacking group built its own hacking tool from the EpMe code in 2014 and used it from 2015; Check Point named that tool “Sword” or “Double-Edged Sword.” It wasn’t until March 2017 that Microsoft patched the vulnerability the tool attacked. This means that before then, APT31 could have used Sword’s “privilege escalation” vulnerability to gain greater access to the networks it attacked.
Lockheed Martin, a U.S. aerospace manufacturer, did not discover that the Chinese Communist Party was using the hacking technique until early 2017. Because the company’s main customers are from the United States, Check Point speculated that the hacking tool Sword could have been used against Americans.
“We found conclusive evidence that a vulnerability had somehow fallen into the hands of the Chinese Communist Party,” said Yaniv Balmas, director of cyber research at Check Point. Not only did it fall into the hands of the Chinese Communist Party, he said, but the Communist Party likely repurposed it and used it against the United States.
“When we got the results, we were shocked,” said Itay Cohen, a senior security researcher at Check Point.
A source familiar with Lockheed Martin’s cybersecurity research and reporting confirmed to Wired that the company found that Chinese Communist hacking tools were used on a U.S. private sector network. But he declined to give more details.
This discovery by Check Point is not the first instance of the Chinese Communist Party using NSA hacking tools, or at least NSA hacking techniques. In a 2018 report, U.S. cybersecurity firm Symantec said that another powerful Windows “zero-day” vulnerability, used by the NSA in the hacking tools EternalBlue and EternalRomance, had also been reused by Chinese hackers.
In contrast, APT31’s hacking tool Sword appears to have been built by someone with hands-on access to the Equation Group’s compiled code, the Check Point researchers said.
“The Chinese exploit looks like a partial copy of the code. But in some cases, they don’t really seem to understand the content and what it does,” Cohen said.
Jake Williams, a former NSA hacker and founder of the computer and network security firm Rendition Infosec, said there is still some controversy over the claim that the Chinese Communist Party’s hacking tool “Sword” came from the NSA. “But anyway, if you forced me to say who had it first, I would say the NSA,” he said.
Check Point said it is unclear how the APT31 hackers got hold of the NSA’s hacking tools.
The APT31 hacking group came back into the spotlight last October. In a report at the time, Google said the group’s operation was aimed at the campaign of then-Democratic presidential candidate Joe Biden.
The article said there is speculation that the Chinese hackers may have obtained the EpMe malware from a Chinese network that the Equation Group had used, from a third-party server where the Equation Group had stored the software, or even from the Equation Group’s own network, i.e., directly from within the NSA.
As the name “Double-Edged Sword” that Check Point gave the hacking tool suggests, the researchers believe their findings should again raise the question of whether intelligence agencies like the NSA can safely hold and use hacking tools without the risk of losing control of them.