Chinese APT3 hackers seized NSA’s tools long before they were leaked

Chinese state-backed hackers from the APT3 group were able to steal dangerous exploits from the NSA and use them in their own cyber attacks. According to a Check Point report, APT3 seized NSA tools long before those tools were leaked online.

Experts believe that the Chinese hackers deliberately set traps in order to take possession of US cyber weapons.

Check Point researcher Mark Lechtik shared his view on the subject.


“The thing is that China, by all means, wanted to have the same opportunities in cyberspace that the West had. At the same time, the PRC authorities did not want to invest heavily in development, so they took the path of cheating,” explains Mark Lechtik.

Cyber warfare has become more complex. It is now a multifaceted conflict that takes in tensions in the Persian Gulf, an arms race between the US, China and Russia, and state-sponsored cyber terrorism. Much of this activity rests on the growing threat from proxies: hacker groups sponsored by states and given operational flexibility in exchange for a degree of plausible deniability. Any analysis of their work therefore rests on assumptions, since their activity looks very different from operations run directly by state bodies themselves.


Check Point emphasized that China gained access to tools developed by the Equation Group, the dedicated unit responsible for the NSA’s offensive cyber operations. Moreover, there is evidence that APT3 was using these tools long before the leak that the Shadow Brokers group carried out.

In other words, at least a year before the Shadow Brokers leak, APT3 was already using Equation Group tools to break into the systems of the organizations it attacked.

It is especially worth noting that the tool variants leaked by the Shadow Brokers differ from those used by APT3, which indicates that APT3 obtained them from a different source.

Researchers believe that APT3 took a tool known as EternalRomance and adapted it to its own needs. The Chinese hackers’ version of this tool is called Bemstour.

Using Bemstour, the attackers could remotely execute code at kernel level on the targeted computers. Like EternalRomance itself, it is an exploit against the Windows SMB service, so the hardening that was already required against the leaked tool applies here too: apply the MS17-010 update and disable SMBv1 wherever it is not needed.

Symantec offered one of the more plausible explanations for how NSA tools ended up in the hands of Chinese hackers.

According to Symantec’s researchers, “APT3 could capture a cyber weapon during an NSA attack on Chinese systems, having previously set appropriate traps”.

APT3 (tracked by Symantec as Buckeye) is viewed as one of the most dangerous threat groups to have operated in the shadows of Chinese state agencies in recent years. Symantec identified attacks in Belgium, Luxembourg, Vietnam, the Philippines and Hong Kong, all of which leveraged the U.S. exploit.

About the author

Sophia Zimmerman

High-quality tech & computer security copywriter, SEO editor & online marketing consultant
