Chinese Hackers Stole an NSA Windows Exploit in 2014
Check Point has evidence that (probably government affiliated) Chinese hackers stole and cloned an NSA Windows hacking tool years before (probably government affiliated) Russian hackers stole and then published the same tool. Here’s the timeline:
The timeline basically seems to be, according to Check Point:
- 2013: NSA’s Equation Group developed a set of exploits including one called EpMe that elevates one’s privileges on a vulnerable Windows system to system-administrator level, granting full control. This allows someone with a foothold on a machine to commandeer the whole box.
- 2014-2015: China’s hacking team code-named APT31, aka Zirconium, developed Jian by, one way or another, cloning EpMe.
- Early 2017: The Equation Group’s tools were teased and then leaked online by a team calling itself the Shadow Brokers. Around that time, Microsoft cancelled its February Patch Tuesday, identified the vulnerability exploited by EpMe (CVE-2017-0005), and fixed it in a bumper March update. Interestingly enough, Lockheed Martin was credited as alerting Microsoft to the flaw, suggesting it was perhaps used against an American target.
- Mid 2017: Microsoft quietly fixed the vulnerability exploited by the leaked EpMo exploit.
Clive Robinson • March 4, 2021 7:56 AM
@ ALL,
It matters not if the Chinese got it from the NSA[1] or it was the other way around, or the discovery was independent of each other.
In “The Game of Smoke and Mirrors” being first is rarely important, and using a competitors weapon against them is par for the course.
What is important is the length of the time line before the vulnerability was closed…
As I’ve pointed out in the past, the US being most dependent on high tech, and thus the most vulnerable to attacks against it, you would have thought that leaving open an attack you know a competitor is using for at least three years was not the brightest thing to do… But then I guess that part of the US Gov that sees its own citizens as “the enemy” is not exactly thinking rationally, but then, few with “bunker fever” ever do.
[1] Saying “Chinese hackers stole and cloned” is a little childish to put it mildly. If they did get it, it was most likely because the NSA were being careless in their usage of it on the Chinese…
Yes, think about the implication of that for a moment, then the implication that it was, after all, “information” not “physical items”. As we all know, the US is “exceptional” in that it does not regard the gathering of others’ information and repurposing others’ information for profit as a crime. Otherwise Amazon, Facebook, Google, Palantir, etc, etc would all be crooks/criminals, because of the information they’ve “stole and cloned” and profit from. I know the US thinks it’s “exceptional” but honestly you cannot have it both ways… Remember what in the US is known as “The Golden Rule”, originating in the supposed “Good Book”, which has the main protagonist in the New Testament, “Jesus”, say “Do unto others as you would have them do unto you” in Luke 6:31 and Matthew 7:12. Crying “Snot fair” when it counts against you, which shows the US up as at best hypocritical, is well…
The first step in resolving such conflicts is to honestly look at why things are happening. But if the US wants to still make claims of taking, then perhaps they should say “the Chinese confiscated the US breaking and entering tools used to commit theft by the US”; it would be a little more honest after all.