Click to Skip Ad
Closing in...

NYT: Chinese hackers detected and repurposed NSA malware for attacks

Published May 7th, 2019 6:04PM EDT
China vs. USA
Image: Cultura/REX/Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

An unidentified group of hackers that are referred to as Shadow Brokers posted several NSA hacking tools online in 2016 and 2017. But a new report reveals that some of the NSA’s malware tools were reversed-engineered long before that by Chinese hackers who then used them in cyberattacks targeting other countries.

Security researchers from Symantec believe that the Chinese did not steal the tools directly from the NSA. Instead, they discovered an NSA attack on their own computers, captured the code, and then repurposed it to serve their interests. This happened in March 2016, well before the August 2016 Shadow Brokers leak, The New York Times reports.

The Chinese group responsible for the hacking tool “heist” is believed to be the most dangerous Chinese hacker organization that the NSA tracks. This group, which Symantec refers to as the Buckeye group, is responsible for attacks on various US targets, including space, satellite and nuclear propulsion technology makers.

The report says the attackers used the NSA tools to target five countries, including Belgium, Hong Kong, Luxembourg, the Philippines, and Vietnam. Buckeye did not use the tools against the US, the report notes, either for fear of having their trick discovered, or thinking that US targets would already have patches in place that would prevent the hack from working.

“This is the first time we’ve seen a case — that people have long referenced in theory — of a group recovering unknown vulnerabilities and exploits used against them, and then using these exploits to attack others,” Symantec security director Eric Chien said.

Separately, Russia and North Korea are believed to have used some of the leaked NSA tools to target several objectives in previous years, including the British health care system, the Maersk shipping corporation, Merck, as well as various critical Ukraine services. But all of that happened only after the NSA tools were leaked.

The report notes that the Buckeye group “went dark” once the Justice Department indicted three of its members in 2018. But the repurposed tools were still used in attacks in Europe and Asia through last September.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.

More Tech