fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Chinese Hackers Used NSA Exploit Years Before Shadow Brokers Leak

Chinese Hackers Used NSA Exploit Years Before Shadow Brokers Leak

Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017.

EpMe is the original exploit created by Equation Group around 2013 for a Windows zero-day bug tracked as CVE-2017-2005.

The vulnerability was used for escalating Windows user privileges after gaining access to targeted devices since it’s a local privilege escalation (LPE) bug affecting devices running Windows XP up to Windows 8.

Microsoft patched this security bug in March 2017 and attributed active exploitation to the Chinese-backed APT31 hacking group.

Stolen, cloned, and weaponized

However, APT 31 (also tracked as Zirconium) built their exploit, dubbed Jian, by replicating the functionality of the EpMe exploit stolen from the Equation Group (NSA’s Tailored Access Operations (TAO) unit) as Check Point researchers revealed in a report published today.

“To our surprise, we found out that this APT31 exploit is in fact a reconstructed version of an Equation Group exploit called ‘EpMe’,” Check Point said. “This means that an Equation Group exploit was eventually used by a Chinese-affiliated group, probably against American targets.”

Also Read: Key PDPA Amendments 2019/2020 You Should Know

This was made possible after the Chinese state hackers captured 32-bit and 64-bit samples of the Equation Group’s EpMe exploit.

Once replicated, the zero-day exploit was used by APT31 alongside other hacking tools in their arsenal, including the group’s multi-staged packer.

Microsoft patched the vulnerability Jian was designed to abuse only after Lockheed Martin’s IRT found an exploit sample in the wild and shared it with Microsoft.

Jian timeline
Jian timeline (Check Point)

Not the first stolen NSA exploit

While this isn’t the first case of a Chinese-backed APT group using Equation Group zero-days in their attacks, this is the first time Chinese cyberspies were able to get their hands on exploit samples and clone them for their own purposes.

“The first was when APT3 used their own version of EternalSynergy (called UPSynergy), after acquiring the Equation Group EternalRomance exploit,” Check Point added.

“However, in the UPSynergy case, the consensus among our group of security researchers as well as in Symantec was that the Chinese exploit was reconstructed from captured network traffic.”

As Check Point says, the APT31 operators could get their hands on the exploit samples themselves in all of their supported versions since Jian was assembled using the 32-bits and 64-bits versions of Equation Group’s exploit.

The APT31 hackers were thus able to get the Equation Group exploit samples in one of the following ways, according to Check Point:

  • Captured during an Equation Group network operation on a Chinese target.
  • Captured during an Equation Group operation on a 3rd-party network which was also monitored by the Chinese APT.
  • Captured by the Chinese APT during an attack on Equation Group infrastructure

“Fundamentally, our research is a demonstration of how one APT group is using the tools of another APT group for their own operations, making it harder for security researchers to perform accurate attribution of attacks, and showing how complex the reality behind these attacks truly is and how little we know,” Check Point Senior Security Researcher Itay Cohen said.

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

“Our hope is that our recent research technique of tracking exploited vulnerabilities could lead to new conclusions that have been under looked by the security industry up until now.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us