Investigations into malware attacks by Chinese hackers have revealed that the software used in the attacks was originally developed by the US National Security Agency (NSA).
A study conducted by Check Point Research (CPR) found that the malware known as Jian is a clone of EpMe, an intrusion tool developed by the Equation Group for use by the NSA.
CPR says that the EpMe clone can gain access to user machines using “zero-click vulnerabilities”, giving a hacker full rein over the device.
Jian was originally believed to have been a custom-built virus developed by a Chinese advanced persistent threat (APT) group. Researchers and investigators believe that the clone was leaked by the Shadow Brokers group, and then repurposed to attack US citizens.
The vulnerability was patched by Microsoft in 2017, but Jian was active for as long as 3 years before the patch was released.
© Fourth Estate® — All Rights Reserved.