Chinese spies were using hacking tools developed by the US a year before they were leaked online by a group linked to Russian intelligence, it has been claimed
The hijacking of the US tools was uncovered by cyber security firm Symantec, which uses codenames for the groups involved and, for commercial reasons, does not itself accuse states of sponsoring them.
Dick O’Brien, a threat researcher at Symantec, told Sky News that the main purpose of the tools used by the Chinese hackers – known as Buckeye – was to facilitate spying.
Mr O’Brien explained that the malware code used by Buckeye was “essentially the same” as the code used by the US National Security Agency, known as the Equation Group.
Symantec’s threat researcher said: “It’s virtually impossible that two groups would have independently developed the same software, unbeknownst to each other.”
Hacking tool code is typically among the most highly classified material which intelligence agencies possess, although it can be captured and copied when it is sent to infect target’s computers.
Mr O’Brien explained that there were a couple of possible explanations about how the Chinese hackers could have obtained these hacking tools a year before they were scandalously publicly leaked online.
“Buckeye may have observed an Equation Group attack and engineered its own versions of the tools from artefacts found in either their own or another party’s captured network traffic.
“Alternatively, Buckeye could have obtained the tools by gaining access to an unsecured or poorly secured Equation Group server.
“A third possibility is that a rogue Equation Group member or associate leaked the tools to Buckeye.”
The way in which the Chinese hackers could have gained the tools is of interest as the loss of those tools caused great damage and embarrassment when they were leaked online in 2017.
The group that leaked these tools, calling itself the Shadow Brokers, first appeared in 2016, and would later be tied to Russian intelligence.
The group claimed it had access to 75% of the US cyber arsenal which they offered to auction to the highest bidder, and subsequently released some of the hacking tools for free to prove that they possessed them.
One of these tools would later be used in the WannaCry attack by North Korea which crippled the computer systems of the NHS in the UK.
Source: SKY NEWS