NSA Hacking Tools Used by Chinese Hackers One Year Before Leak

LASER_oneXM

A Chinese threat group was using hacking tools developed by the NSA more than a year before Shadow Brokers leaked them in April 2017, tools that were later used in highly destructive attacks such as the WannaCry ransomware campaign from May 2017.


The Buckeye threat group (also known to researchers as Gothic Panda, TG-0110, UPS, and APT3) has been active since at least 2010. It is credited by experts with running Operation Clandestine Fox, Operation Clandestine Wolf, and Operation Double Tap [1, 2, 3], and with mainly attacking U.S. entities, with a sudden switch to Hong Kong targets back in 2015.


The indictment of three APT3 members by the U.S. government in November 2017 is the thing that really brought the group into the spotlight, with the three Chinese hackers being accused of infiltrating the computing systems of Moody’s Analytics, Siemens, and Trimble between 2011 and May 2017.


As unearthed by Symantec, the Chinese-backed Buckeye was using NSA hacking tools 13 months before they were leaked by Shadow Brokers—the hacking group who stole them—in April 2017, together with a "previously unknown Windows zero-day vulnerability that Symantec discovered (which has since been patched by Microsoft)."
 
