Chinese hackers cloned attack tool belonging to NSA’s Equation Group

Chinese threat actors “cloned” and used a Windows zero-day exploit stolen from the NSA’s Equation Group for years before the privilege escalation flaw was patched, researchers say.

On Monday, Check Point Research (CPR) said the tool was a “clone” of software developed by the US National Security Agency (NSA)’s Equation Group, identified by FireEye in 2015 and described as “one of the most sophisticated cyberattack groups in the world.”

Thought to be active since at least 2001, Equation Group has since been linked to the US intelligence agency’s Tailored Access Operations (TAO) unit.

The Shadow Brokers hacking group released tools and files belonging to Equation Group in 2017, some of which were used to exploit previously-unknown bugs in popular systems including Microsoft Windows — forcing vendors to issue a flurry of emergency patches and fixes to render the exploit tools useless.

Source: ZDNet