Chinese hackers repurposed captured NSA hacking tools to carry out cyber attacks in 2016

Symantec says group linked with China's Ministry of State Security acquired NSA tools months before they were leaked by Shadow Brokers

Two hacking tools created by the US National Security Agency (NSA) were repurposed by a group of Chinese hackers to attack targets in Europe and Asia in 2016.

That ' s according to researchers at Symantec, who claim today that hacking groups based in China started using the tools about 14 months before they were leaked by a peculiar group calling itself the Shadow Brokers.

In 2017, Shadow Brokers published several tranches of NSA hacking tools and exploits online, some of which were subsequently used in security breaches around the world, including the WannaCry ransomware attacks and NotPetya worms attacks.

While Shadow Brokers repeatedly claimed to have stolen the tools directly from the NSA via a compromised server, the researchers couldn't find the evidence to back that up.

Now, the findings of the investigation by Symantec indicate that the China-based Buckeye group had acquired some of the NSA ' s tools months before Shadow Brokers started publishing them on the internet.

You cannot guarantee your tools will not get leaked and used against you and your allies

Buckeye is the codename for Chinese intelligence contractors that work for the Chinese Ministry of State Security. Based in Guangzhou, Buckeye is also known by several other names, including Gothic Panda, APT3, TG-0110, and UPS Team.

According to Symantec, Buckeye acquired the NSA ' s trove of hacking tools after attacks by the US agency on its systems.

The group altered the tools to create its own versions and then surreptitiously used those tools for several months before they were published by Shadow Brokers.

Attacks were carried out on various educational institutions, scientific research organisations and computer networks in at least five places, including Luxembourg, Belgium, Vietnam, Hong Kong and the Philippines, according to the research.

One attack on a telecom network may have given attackers access to hundreds of thousands of private communications, Symantec claimed.

Buckeye is the codename for Chinese intelligence contractors that work for the Chinese Ministry of State Security

Symantec ' s report is the latest evidence to suggest that it is becoming increasingly difficult for the US to keep track of the backdoors its uses to break into adversaries networks.

The episode also sets off a debate within the cyber-security community over whether US agencies should continue to develop some of the world ' s most stealthy cyberweapons if they can ' t keep them under lock.

"We ' ve learned that you cannot guarantee your tools will not get leaked and used against you and your allies," Eric Chien, a security director at Symantec, told the New York Times.

"People come and go. Clearly the tools live on," he added.

Computing and CRN have united to present the Women in Tech Festival UK 2019, on 17 September in London.

The event will celebrate successful women in the IT industry, enabling attendes to hear about, and to share, personal experiences of professional journeys and challenges.

Whether you're the ‘Next Generation', an ‘Inspirational Leader', or an ‘Innovator of Tech' this event will offer inspiration on not only how to improve yourself, but how to help others too. The event is FREE for qualifying IT pros, but places will go fast