Security firm Check Point has uncovered evidence that a Chinese group of hackers called APT31 gained access to a Windows hacking tool, EpMe. The tool was developed and used by a group of hackers associated with the National Security Agency (NSA).
How have nation-states managed to steal clandestine cyber weapons? @_CPResearch_ reports on a group of Chinese hackers who have cloned a cyber-operative tool that belonged to a US-based #hacking unit. Get the details: https://t.co/OKgLKxniuY pic.twitter.com/7B1dzY9GxP
— Check Point Software (@CheckPointSW) February 22, 2021
According to Check Point, a Chinese group built its own hacking tool from EpMe code in 2015. The Chinese hackers then used that tool, which Check Point calls “Jian” or “double-edged sword,” from 2015 until March 2017, when Microsoft patched the Windows vulnerability (CVE-2017-0005) it was exploiting.
“Jian was reported to Microsoft by Lockheed Martin’s Computer Incident Response Team, hinting at a possible attack against an American target,” said a blog post by Check Point.