Chinese Hackers Cloned And Reused NSA’s Hacking Software

Investigations into malware attacks by Chinese hackers have revealed that the software used in the attacks was originally developed by the US National Security Agency (NSA).

A study conducted by Check Point Research (CPR) found that the malware known as Jian is a clone of EpMe, an intrusion tool developed by the Equation Group for use by the NSA.

CPR says that the EpMe clone can gain access to user machines using “zero-click vulnerabilities”, giving a hacker free rein over the device.

Jian was originally believed to have been a custom-built virus developed by a Chinese advanced persistent threat (APT) group. Researchers and investigators believe that the clone was leaked by the Shadow Brokers group and then repurposed to attack US citizens.

The vulnerability was patched by Microsoft in 2017, but Jian was active for as long as 3 years before the patch was released.


© Fourth Estate® — All Rights Reserved.