Did Chinese Cyber Spies Break Into US Aerospace Giant Lockheed Martin’s System?
Israeli researchers have found that Chinese spyware detected by Lockheed Martin’s Computer Incident Response Team in 2017 may have been built from code stolen from the US National Security Agency’s break-in tools.
‘Jian’, a piece of malware used by APT31 (a China-based Advanced Persistent Threat group), had targeted US aerospace giant Lockheed Martin. In 2017, Lockheed Martin’s Computer Incident Response Team detected it in their systems and reported it to Microsoft, suggesting a possible cyber attack against an American target.
APT31 (Advanced Persistent Threat 31) is a China-based cyberespionage group focused on obtaining information that can provide the Chinese government and state-owned enterprises with political, economic, and military advantages.
It has targeted governments, international financial organizations, aerospace and defense companies, as well as construction, engineering, telecommunications, media, and insurance firms.
Tel Aviv-based Check Point Software Technologies has released a report revealing that some features of the China-linked malware Jian were similar to the code of National Security Agency break-in tools leaked on the internet in 2017.
According to the report, a state-sponsored hacking group from China lifted code from an NSA hacking tool that was developed back in 2014, and reused that code to build new tools for surveillance and hacking activities.
Researchers said the tool allowed hackers to gain elevated privileges, meaning they could penetrate further into a compromised network or system to gain more access. Check Point’s head of research Yaniv Balmas called ‘Jian’ “kind of a copycat, a Chinese replica.”
While there has been no comment from the US or China on the claims, Costin Raiu, a researcher with Moscow-based antivirus firm Kaspersky Lab, told news agency Reuters that Check Point’s research is thorough and “looks legit”.
Lockheed had detected the malware while routinely evaluating third-party software and technologies to identify vulnerabilities. In 2016 and 2017, a group calling itself the ‘Shadow Brokers’ had published some of the NSA’s most dangerous code on the internet, giving cybercriminals and rival nations access to American-made digital break-in tools.
The research report highlights that a Windows privilege-escalation exploit attributed to a Chinese attack group was based on a hacking tool, “EpMe”, created by the Equation Group, the security industry’s name for hackers believed to be part of the NSA.
Because the Chinese hacker group built their own hacking tool as a replica of ‘EpMe’, the researchers said, a Chinese-affiliated group used an Equation Group exploit, possibly against American targets.