In 2016, Chinese intelligence agents acquired and then repurposed National Security Agency hacking tools. These repurposed tools were then used to attack American allies, as well as private companies in Europe and Asia.
There are many clues that the tools were not ‘stolen’ but captured from the N.S.A. computers.
The Chinese hacking group is one of the most dangerous in China. It is responsible for numerous attacks on some of the most sensitive defense targets inside the United States, including space, satellite and nuclear propulsion technology makers.
A hacker group that calls itself the Shadow Brokers released its entire collection of N.S.A. exploits in April 2017, after which they were used for devastating global attacks by Russia and North Korea.
Many times over the last decade, American intelligence agencies have had hacking tools and details about highly classified cybersecurity programs resurface in the hands of other nations or criminal groups.
After the N.S.A. used malware against Iran’s nuclear centrifuges, we then saw it used around the world by someone else, someone using the exact same code.
“We’ve learned that you cannot guarantee your tools will not get leaked and used against you and your allies,” said Eric Chien, a security director at Symantec.
It is still unknown exactly how the code was taken, but experts know that Chinese intelligence contractors used the repurposed American tools to carry out cyberintrusions in at least five countries or territories: Belgium, Luxembourg, Vietnam, the Philippines and Hong Kong. The targets included scientific research organizations, educational institutions and the computer networks of at least one American government ally.
“This is the first time we’ve seen a case — that people have long referenced in theory — of a group recovering unknown vulnerabilities and exploits used against them, and then using these exploits to attack others,” Mr. Chien said.
Symantec researchers believe that the Chinese have not turned the tools back against the United States because they possibly assume that we have already created defenses against our own tools, and because they might not want to reveal that they have them.
The internet release of the N.S.A.’s hacking tools forced the agency to re-evaluate possible vulnerabilities. It was forced to turn over its arsenal of software vulnerabilities to Microsoft for patching and to shut down some of the N.S.A.’s most sensitive counter-terrorism operations, two former N.S.A. employees revealed.
The N.S.A.’s tools were picked up by North Korean and Russian hackers and used for attacks that crippled the British health care system, shut down operations at the shipping corporation Maersk and cut short critical supplies of a vaccine manufactured by Merck. In Ukraine, the Russian attacks paralyzed critical Ukrainian services, including the airport, Postal Service, gas stations and A.T.M.s.
“None of the decisions that go into the process are risk free. That’s just not the nature of how these things work,” said Michael Daniel, the president of the Cyber Threat Alliance, who previously was Cybersecurity Coordinator for the Obama administration. “But this clearly reinforces the need to have a thoughtful process that involves lots of different equities and is updated frequently.”