Weekly Intelligence Summary 26 February

February 26, 2021

The People’s Republic of China (PRC)-linked advanced persistent threat (APT) group “APT31” reportedly cloned and deployed a zero-day exploit developed by the US National Security Agency's (NSA) Equation Group in 2013. APT31 accessed two versions of Equation Group’s “EpMe” files, which it repurposed into the zero-day exploit “Jian”. Jian was deployed from 2015 until the vulnerability it exploited (CVE-2017-2005) was patched in 2017. This is the second reported incident of a PRC-linked APT targeting the NSA to repurpose cyber tools. It raises questions about how the NSA's prized offensive tools have been discovered or stolen by nation-state threat actors. With the theft of NSA cyber tools back in the spotlight, it is realistically possible that APT31’s actions will have national security implications, compelling government agencies to reconsider how zero-day exploits should be managed under the Vulnerabilities Equities Process (VEP).
