Saturday, November 23, 2024

Chinese Researchers Say They’ve Spotted an NSA Hacking Tool

A Chinese security firm released a detailed report about what it says is malware created by Equation Group, a hacking group widely believed to be the NSA


Security researchers from Pangu Labs say they’ve pieced together the origins of a nearly decade-old hacking tool, and that it traces back to the Equation Group, which is widely thought to be the US National Security Agency.

They say they were able to make the link thanks in part to a leak by the Shadow Brokers, a mysterious group that released a trove of apparent NSA secrets in 2016. More interesting than the tool itself, though, is the public attribution to the NSA—which, while not unprecedented, is extremely rare. Or at least, it has been. 

A Chinese cybersecurity company accused the NSA of being behind a hacking tool used for ten years, in a report published on Wednesday.

The report from Pangu Lab examines malware that its researchers first encountered in 2013 while investigating a hack against “a key domestic department.” At the time, the researchers could not determine who was behind the intrusion. Later, using leaked NSA material on the Equation Group, widely believed to be the NSA, that was published by the mysterious group Shadow Brokers and by the German magazine Der Spiegel, they connected the dots and concluded that the malware was made by the NSA, according to the report.

“The Equation Group is the world’s leading cyber-attack group and is generally believed to be affiliated with the National Security Agency of the United States. Judging from the attack tools related to the organization, including Bvp47, Equation group is indeed a first-class hacking group,” the report read, referring to the name of the tool the researchers found. “The tool is well-designed, powerful, and widely adapted. Its network attack capability equipped by 0day vulnerabilities was unstoppable, and its data acquisition under covert control was with little effort. The Equation Group is in a dominant position in national-level cyberspace confrontation.” 


Pangu Lab could not be reached for comment. 

This is not the first time a Chinese cybersecurity company published research on an alleged American intelligence hacking operation. But it’s “pretty rare,” as Adam Segal, an expert in China’s cybersecurity at the Council on Foreign Relations, put it in an email to Motherboard.

“I don’t know who Pangu’s customers are, but it might also be something their customers want to hear right now, just like lots of Western cybersecurity companies post about Russian malware because everyone in the West wants to hear about it right now,” Martijn Grooten, a veteran of the cybersecurity industry, told Motherboard in an online chat. “It also sounds like something the NSA would have the capabilities of doing. And something China would love to make public, especially now.”

This report may be a sign that Chinese cybersecurity companies are starting to follow the example of their Western counterparts and do more attribution. It could be “a shifting strategy to become more name and shame as the US government has employed,” Robert Lee, a former NSA analyst and founder of cybersecurity company Dragos, told Motherboard in an online chat. 

For Richard Bejtlich, another veteran of the cybersecurity industry and author in residence at security firm Corelight, it’s a good thing that Chinese companies, and presumably China’s government, are improving their attribution capabilities, as “it will increase overall geopolitical stability,” as he tweeted.


“It is an inherently unstable situation to have parties lacking visibility into adversary activity. It breeds paranoia and in many cases an incentive to strike first. When you have insights into your adversary you can make more informed decisions,” Bejtlich told Motherboard in an online chat. “When you lack them you are constantly worrying about being attacked, or already attacked, etc., and you can’t be sure who is responsible. It’s a classic intelligence situation. That’s why spies on both sides are counterintuitively important.”

Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher and analyst from Scotland, UK. I've had an avid interest in computers, technology and security since my early teens. 20 years on, it's a whole lot more complicated... I've assisted governments, individuals and organizations throughout the world, including the US DOJ, NHS UK and GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, you'll also find a variety of write-ups, tutorials and much more!