Chinese-Affiliated APT31 Cloned & Used NSA Hacking Tool
According to recent Check Point Security Research, Chinese threat actor group APT31 allegedly cloned and re-used a National Security Agency hacking tool years before Microsoft patched the severe vulnerability that it targeted. The tool was a Windows-based program that was referred to as “Jian” until the Microsoft vulnerability was patched in 2017.
According to Check Point, APT31 was able to clone the tool linked to the Equation Group, an operation that was discovered by researchers at Kaspersky in 2015. The group was described as the world’s most sophisticated and advanced hacking organization and was in operation in 2001 or earlier. The group is often thought to have ties to the NSA’s Tailored Access Operations. Both the US- and Chinese-affiliated tools exploit the same Windows privilege escalation vulnerability in Microsoft services.