Published on May 8th, 2019
Chinese ‘Buckeye’ hackers used NSA hacking tools before Shadow Brokers leak
Chinese hackers used NSA tools ‘months’ before Shadow Brokers leak
CHINESE HACKERS reportedly repurposed two hacking tools created by the US National Security Agency (NSA) to attack targets in Europe and Asia in 2016.
That’s according to researchers at Symantec, who claim that hacking groups based in China started using the tools about 14 months before they were leaked by a peculiar group calling itself the Shadow Brokers.
In 2017, Shadow Brokers published several tranches of NSA hacking tools and exploits online, some of which were subsequently used in security breaches around the world, including the WannaCry and NotPetya attacks.
While Shadow Brokers repeatedly claimed to have stolen the tools directly from the NSA via a compromised server, the researchers couldn’t find the evidence to back that up.
The findings of the investigation by Symantec indicate that the China-based Buckeye group had acquired some of the NSA’s tools months before Shadow Brokers started publishing them on the internet.
Buckeye is the codename for Chinese intelligence contractors that work for the Chinese Ministry of State Security. Based in Guangzhou, Buckeye is also known by several other names, including Gothic Panda, APT3, TG-0110, and UPS Team.
According to Symantec, Buckeye acquired the NSA’s trove of hacking tools after attacks by the US agency on its systems.
The group altered the tools to create its own versions and then surreptitiously used those tools for several months before they were published by Shadow Brokers.
Attacks were carried out on various educational institutions, scientific research organisations and computer networks in at least five places, including Luxembourg, Belgium, Vietnam, Hong Kong and the Philippines, according to the research.
One attack on a telecom network may have given attackers access to hundreds of thousands of private communications, Symantec claimed.
Symantec’s report is the latest evidence to suggest that it is becoming increasingly difficult for the US to keep track of the backdoors it uses to break into adversaries’ networks.
The episode also sets off a debate within the cyber-security community over whether US agencies should continue to develop some of the world’s most stealthy cyberweapons if they can’t keep them under lock.
“We’ve learned that you cannot guarantee your tools will not get leaked and used against you and your allies,” Eric Chien, a security director at Symantec, told the New York Times. “People come and go. Clearly the tools live on,” he added.