‘Chinese Spies’ Had NSA Cyber Weapons Before The Shadow Brokers Leak

Chinese spies obtained NSA cyber weapons more than a year before they were leaked by the Shadow Brokers group in one of the most high-profile hacks of the last decade, it has been alleged.

Researchers at Symantec claimed that the Buckeye group, which is believed to be made up of Chinese intelligence agents, used the weapons to launch attacks on targets in Europe and Asia at least 12 months before they came into the public domain.

In a blog post, Symantec’s investigation team noted that variants of the tools used by Buckeye “appear to be different from those released by Shadow Brokers, potentially indicating that they didn’t originate from that leak”. Instead, Symantec’s researchers believe the tools could have been analysed and repurposed if they were used by the NSA to launch attacks on Chinese targets, the New York Times reported.

Organisations in Hong Kong, Vietnam, the Philippines, Belgium and Luxembourg are among those to have been targeted by Buckeye using the NSA’s stolen weapons, according to Symantec.

In November 2017, three alleged members of the Buckeye group were indicted in the United States for hacking three companies for “commercial advantage”. They were accused by the US Department of Justice of computer hacking, theft of trade secrets, conspiracy and identity theft in a campaign against organisations in the financial, engineering and technology industries. Buckeye had gone quiet in the months before the indictments were issued.

“While Buckeye appeared to cease operations in mid-2017, the Equation Group tools it used continued to be used in attacks until late 2018,” said Symantec’s researchers. “It is unknown who continued to use the tools. They may have been passed to another group or Buckeye may have continued operating longer than supposed.”

The authors added: “All zero-day exploits known, or suspected, to have been used by this group are for vulnerabilities in Internet Explorer and Flash.”

New Statesman: Symantec
