A zero day vulnerability, developed by the United States National Security Agency (NSA) may have been used by cybercriminals linked to the Chinese government to spy on the United States, years before its source code was leaked on the internet.
According to a study by Check Point, Chinese malware, Jian (APT31), was developed on the basis of a cyber weapon, EpMe, developed by Equation Group, possibly linked to the NSA.
Jian was used by APT31 to attack American aircraft maker Lockheed Martin. However, according to the researchers, although it is almost identical to EpMe, Jian is more sophisticated, exploits more vulnerabilities and has been equipped with more anti-detection tools.
“CVE-2017-0005, a zero-day assigned by Microsoft as a Chinese APT31 (Zirconium), is actually a replica of an Equation Group exploit codenamed” EpMe “. APT31 had access to EpMe files, both 32-bit and 64-bit versions, more than 2 years before the Shadow Brokers leak“, write researchers Eyal Itkin and Itay Cohen, from Check Point Reasearch.
The researchers explain that EpMe was developed in 2013. Between 2014 and 2015, Chinese government-funded APT31 cybercriminals developed “Jian”, described as “the Chinese double-edged cyber sword”, an EpMe clone. In the beginning of 2017, a group identified as Shadow Brokers, published the source code of the tool on the internet, in order to expose some of the threats and unethical practices carried out by the US government itself.
“APT31 acquired its own exploit samples, in all supported versions. Having dated the APT31 samples to 3 years before Shadow Broker’s “Lost in Translation” leak, our estimate is that these Equation Group exploit samples could have been acquired by the Chinese APT captured it during an Equation Group network operation on a Chinese target; or captured during an Equation Group operation on a third party network that was also monitored by the Chinese APT; or he was captured by the Chinese APT during an attack on the Equation Group’s infrastructure, “they write.
Microsoft fixed the vulnerability that hit its operating system, Windows, in 2017, after the EpMe code was leaked.
Sources: Check Point.
See the original post at: https://thehack.com.br/china-clonou-e-utilizou-uma-vulnerabilidade-zero-day-da-nsa-antes-dela-ser-vazada-na-internet/?rand=48873
