May 10, 2019

Chinese Spies Reportedly Used NSA Tool to Carry Out Cyber Attacks

Chinese Spies Reportedly Used NSA Tool to Carry Out Cyber Attacks

A report from Symantec has found that Chinese hackers stole hacking tools from the National Security Agency in 2016 to carry out cyber attacks.

The cybersecurity company claimed that a Chinese group of hackers known for its association with Chinese government intelligence used NSA hacking tools to conduct a hacking campaign. While Symantec avoided revealing any names of agencies, it indicated that the group was a branch of China's Ministry of State Security in Guangzhou. It further reported that the US Department of Justice named three of its members while looking for them in November 2017. Since then, the group has gone dark.

We know that the Chinese government has prolific spies globally that operate as prominent hackers but they used NSA tool quite infrequently.

"When they were in action, they were pretty noisy, they hit a lot of targets," Eric Chien, a Symantec guy said while talking to CNN. "But the number of targets that we've been able to recover so far that used this exploit was very few. They saw it was high value and didn't want to use it everywhere.”

First Reported By The New York Times

The story was covered by the New York Times first before Symantec gave details over it. NSA’s recent history already has some strange episodes written over it. A group of hackers named Shadow Brokers appeared on the dark web in 2016 and leaked most of the agency’s tools online. Since then, Chinese spies managed to manipulate servers and hack into them. After the last known usage of NSA tool by the Chinese hackers, the US government made efforts to catch them but the operation went dark. However, this is when in April 2017, Shadow Brokers again became active and released the most damaging NSA tools. These included a Windows exploit that was later used by both Russian and North Korean intelligence services to create two of the most damaging ransomware forces in history.

In April 2017 — after the last known incident in which the Chinese hackers used the NSA tool, but before the US indictment prompted that operation to go dark — Shadow Brokers released their most damaging set of NSA tools. That included one Windows exploit that both North Korea and Russian intelligence services used to create the two most damaging ransomware strains in history, prompting international condemnation. However, Symantec claimed that these are not the tools China was using for cyber attacks.

The mystery still remains unsolved how the Chinese got their hands over these tools as NSA refused to comment anything on the issue.

John Hultquist, director of intelligence at FireEye, said that "we're in a very murky place," while talking to CNN. "This report raises a lot of questions that are still unanswered,” he further added. FireEye is a notable company that keeps tracks of Chinese hacking on the internet.

China's Ministry of Foreign Affairs responded to the hacking claims in a similar manner it usually does. "Those who criticize or accuse us have never produced any concrete evidence," said a spokesperson Geng Shuang from Chinese ministry in response to the claims.

Even Pentagon reported last week that China is using Espionage to empower their military operations.

A report from Department of Defense quoted that "China uses a variety of methods to acquire foreign military and dual-use technologies, including targeted foreign direct investment, cyber theft, and exploitation of private Chinese nationals' access to these technologies, as well as harnessing its intelligence services, computer intrusions, and other illicit approaches.”