Chinese hackers stole cyber weapon from America, then used it against Microsoft Windows

A state-sponsored hacking group from China got access to one of the most powerful hacking tools developed by the NSA.

Shubham Verma | February 23, 2021 | Updated 10:26 IST

Highlights

  • A Chinese state-sponsored group APT-3 used a hacking tool developed by NSA.
  • The hackers reinvented this tool and used it for surveillance on US companies.
  • Lockheed Martin is said to be one of the targets of this hacking group.

Chinese hackers stole a highly capable tool originally developed by the National Security Agency and used it, in a different form, to target several US-based companies, a new report has claimed. Security researchers at the Israeli cybersecurity firm Check Point Research say they have found evidence that a state-sponsored hacking group from China lifted code from an NSA hacking tool developed back in 2014 and used it to build their own tool with similar capabilities. The targets of this group appear to include the defense company Lockheed Martin, among others.

APT-3, the hacking group sponsored by the Chinese government, did not use the tool as-is. It lifted portions of code that were useful for building new tools for surveillance and hacking. The researchers found that this zero-day exploit was adapted from what the NSA created years earlier and named it "Jian". Describing the scope of Jian's capabilities, the researchers said in the report that the tool allowed hackers to gain higher privileges, meaning it could be used to push deeper into a compromised system or network and obtain more access. APT-3 used the tool for at least three years before Microsoft discovered it and patched the vulnerability in its Windows operating system, the researchers said.

Lockheed Martin, one of the premier defense groups in the US, is alleged to have been targeted with Jian. However, the security researchers have not said in full how badly the company was compromised by the Jian attack. The report also does not name other organisations or people affected by Jian. But the researchers have made clear that Jian is not solely the product of the state-sponsored APT-3 hacking group.

Jian is said to be a "reconstructed" form of the EpMe exploit developed by the Equation Group, which is another name for the Tailored Access Operations (TAO) unit of the NSA. When the massive Shadow Brokers leak of 2017 handed hackers a trove of NSA cyber weapons, the group behind that leak may have gained access to the tool. But the researchers claim the APT-3 hacking group may instead have stolen the code by monitoring it in use, and say they have "strong evidence" for this. The Chinese hackers could have captured the NSA tools when they were being used on a Chinese target, during an operation on a third-party network "monitored by the Chinese APT", or during an attack on the Equation Group's infrastructure.

The researchers note in their extensive report that Jian was intended as an espionage tool that could steal intellectual property from prominent organisations such as Lockheed Martin. According to FireEye, the Chinese APT-3 group had a wide range of targets, including "government, international financial organisation, and aerospace and defense organisations, high tech, construction and engineering, telecommunications, media, and insurance." This hacking group has also previously been in the news for its alleged links to the hacking of US presidential campaigns, including that of Joe Biden.
