The Chinese nation-state hacker group known as Buckeye captured an exploit and a backdoor that were built and used by the National Security Agency.
The Chinese group got the tools not by stealing the code but by watching its own networks: when the tools were used against it, it captured them and turned them around.
Researchers found that both the exploit and the backdoor used by Buckeye belong to the Equation Group toolset that was later leaked by the Shadow Brokers.
Buckeye is also known as APT3, a hacker group linked to Chinese intelligence, while Equation Group activity is attributed to the National Security Agency.
The Shadow Brokers began leaking data and hacking tools used by the National Security Agency in August 2016.
Remember that everything can be hacked. To stay clear of cyber threats, we recommend installing antivirus for Windows or antivirus for Mac on every device you own, depending on which OS it runs. If you are a company, we also recommend hiring a specialized cybersecurity firm every year to test your company's network; these tests include penetration testing and ethical hacking.
A recently released report shows that the Chinese operators reverse-engineered the tools and are now using them in attacks against other targets.
Studying and building on captured NSA tools is not surprising at all: security companies do the same thing routinely, learning attacker techniques to inform defense.
Cybersecurity researchers say the incident exposes a major issue for military and security professionals involved in cyber warfare: an exploit, once used, can be captured by its target and reused against others.
Even more surprising is that Buckeye apparently had access to the exploit and the backdoor for at least a year before the tools were leaked by the Shadow Brokers.
Malware analysis of the exploit used by Buckeye found that it shares code with both EternalRomance and EternalSynergy, two Equation Group exploits for the SMB protocol. Like those two tools, it pairs a remote code execution exploit with an information disclosure exploit.
In addition, the Buckeye group began using a variant of DoublePulsar, the Equation Group's kernel-mode backdoor.
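Defenders who want to check their own SMB hosts for the backdoor named above usually rely on the publicly documented DoublePulsar "ping": a Trans2 SESSION_SETUP request is sent with Multiplex ID 0x41, and an infected host answers with a Trans2 response whose Multiplex ID is 0x51, while a clean host echoes 0x41. The example below is added here and is not code from the article or from the Symantec report: it parses the SMB1 header of a captured response and classifies it, with the sample packets constructed inline so it runs offline. It does not perform the SMB negotiate, session setup and tree connect needed to send the probe on a live network. Two caveats: the signature holds for the leaked DoublePulsar, and whether Buckeye's modified variant still answers the same way is an assumption this check does not verify; and a non-Trans2 reply is reported as unknown rather than clean.

```python
# Added example (not from the original article or the Symantec report): classify
# an SMB1 Transaction2 response according to the public DoublePulsar "ping"
# signature. All packet bytes used below are constructed inline for the demo.
import struct

SMB1_MAGIC = b"\xffSMB"
SMB_COM_TRANSACTION2 = 0x32
# Multiplex ID values used by the widely published DoublePulsar ping check:
# the probe is sent with MID 0x41; a host running the implant echoes back 0x51.
MID_CLEAN = 0x41
MID_INFECTED = 0x51

# Field layout of the 32-byte SMB1 header that follows the 4-byte NetBIOS wrapper:
# magic(4) command(1) status(4) flags(1) flags2(2) pid_high(2)
# security_features(8) reserved(2) tid(2) pid_low(2) uid(2) mid(2)
_HDR_FMT = "<4sBIBHH8sHHHHH"
_HDR_LEN = struct.calcsize(_HDR_FMT)  # 32
_FIELDS = ("magic", "command", "status", "flags", "flags2", "pid_high",
           "security_features", "reserved", "tid", "pid_low", "uid", "mid")


def parse_smb1_header(payload: bytes) -> dict:
    """Parse a NetBIOS-wrapped SMB1 message and return its header fields."""
    if len(payload) < 4 + _HDR_LEN:
        raise ValueError("payload too short for NetBIOS + SMB1 header")
    if payload[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    declared = int.from_bytes(payload[1:4], "big")
    if declared != len(payload) - 4:
        raise ValueError("NetBIOS length does not match payload")
    fields = dict(zip(_FIELDS, struct.unpack(_HDR_FMT, payload[4:4 + _HDR_LEN])))
    if fields["magic"] != SMB1_MAGIC:
        raise ValueError("not an SMB1 header")
    return fields


def classify_doublepulsar_response(payload: bytes) -> str:
    """Return 'infected', 'clean' or 'unknown' for the reply to a Trans2 ping."""
    try:
        hdr = parse_smb1_header(payload)
    except ValueError:
        return "unknown"
    if hdr["command"] != SMB_COM_TRANSACTION2:
        return "unknown"  # the ping is answered with a Trans2 response or nothing useful
    if hdr["mid"] == MID_INFECTED:
        return "infected"
    if hdr["mid"] == MID_CLEAN:
        return "clean"
    return "unknown"


def build_smb1_response(command: int, mid: int) -> bytes:
    """Construct a minimal SMB1 response (constructed sample data for the demo only)."""
    hdr = struct.pack(_HDR_FMT, SMB1_MAGIC, command, 0, 0x98, 0xC807, 0,
                      b"\x00" * 8, 0, 0, 0xFEFF, 0x0800, mid)
    body = b"\x00\x00\x00"  # WordCount = 0, ByteCount = 0
    msg = hdr + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


if __name__ == "__main__":
    samples = (
        ("clean host", build_smb1_response(SMB_COM_TRANSACTION2, MID_CLEAN)),
        ("infected host", build_smb1_response(SMB_COM_TRANSACTION2, MID_INFECTED)),
        ("unrelated reply", build_smb1_response(0x72, MID_INFECTED)),
    )
    for label, pkt in samples:
        print(f"{label}: {classify_doublepulsar_response(pkt)}")
```

The classifier deliberately rejects anything that is not a well-formed Trans2 response instead of treating it as clean, so a firewall reset, an SMB2-only host or a truncated capture shows up as "unknown" and gets looked at rather than silently passing.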
Other theories could explain why the same tools turned up in the hands of two different nation-state groups, but researchers consider them less likely.
For example, if Chinese intelligence also ran the Shadow Brokers, that would explain why both Buckeye and the Shadow Brokers had access to the exploit and the backdoor. However, it would not explain the improvements in Buckeye's version of the tools, nor the mismatch between Buckeye's versions and the leaked ones.
We will continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for cyber attacks, and follow the advice given above on antivirus and annual penetration testing.