Back to Blog

Chinese Hackers Used NSA Hacking Tools Before Shadow Brokers Leaked Them

May 8, 2019

By: mirabiliscorp

In a shocking revelation, it turns out that a hacking group believed to be sponsored by Chinese intelligence had been using some of the zero-day exploits linked to the NSA’s Equation Group almost a year before the mysterious Shadow Brokers group leaked them.

According to a new report published by cybersecurity firm Symantec, a Chinese-linked group, which it calls Buckeye, was using the NSA-linked hacking tools as far back as March 2016, while the Shadow Brokers dumped some of the tools on the Internet in April 2017.

Active since at least 2009, Buckeye—also known as APT3, Gothic Panda, UPS Team, and TG-0110—is responsible for a large number of espionage attacks, mainly against defence and critical organizations in the United States.

Although Symantec did not explicitly name China in its report, researchers with a high degree of confidence have previously attributed [1,2] Buckeye hacking group to an information security company, called Boyusec, who is working on behalf of the Chinese Ministry of State Security.

Symantec’s latest discovery provides the first evidence that Chinese state-sponsored hackers managed to acquire some of the hacking tools, including EternalRomanceEternalSynergy, and DoublePulsar, a year before being dumped by the Shadow Brokers, a mysterious group that’s still unidentified.

According to the researchers, the Buckeye group used its custom exploit tool, dubbed Bemstour, to deliver a variant of DoublePulsar backdoor implant to stealthily collect information and run malicious code on the targeted computers.

Benstour tool was designed to exploit two then-zero-day vulnerabilities (CVE-2019-0703 and CVE-2017-0143) in Windows to achieve remote kernel code execution on targeted computers.

More: https://thehackernews.com/2019/05/buckeye-nsa-hacking-tools.html

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.