Malware, Threat Management

Chinese hackers cloned NSA attack tool to target Microsoft OS

Check Point Research revealed that Chinese hackers created “Jian,” an attack tool that was designed to exploit a zero-day vulnerability in Microsoft’s operating systems from Windows XP to Windows 8, by cloning software developed by the U.S. National Security Agency, ZDNet reports.

Analysts once theorized that Jian was developed by APT31, a Chinese advanced persistent threat group also known as Zirconium. Check Point says Jian was being used in attacks between 2014 and 2017, until the hacking group Shadow Brokers released EpMe to the public in 2017 along with a number of tools and files that belonged to the NSA's Equation Group. Microsoft patched the CVE-2017-0005 vulnerability that same year.

The cybersecurity researchers theorized that APT31 may have acquired and repurposed EpMe either when the Equation Group attacked a Chinese target, after an attack by APT31 on Equation Group systems, or while Equation Group was active in a network also being monitored by APT31.

Jill Aitoro

Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She 20 years of experience editing and reporting on technology, business and policy.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds