×

Register to Access Intelligence Summary

First Name
Last Name
Job Title
Company
Country
State
Thank you!
Error - something went wrong!
   

Weekly Intelligence Summary 26 February

The People’s Republic of China (PRC)-linked advanced persistent threat (APT) group “APT31” reportedly cloned and deployed a zero-day exploit developed by the US National Security Agency's (NSA) Equation Group in 2013. APT31 accessed two versions of Equation Group’s “EpMe” files, which they repurposed into the zero-day exploit “Jian”. Jian was deployed from 2015 until the vulnerability it exploited (CVE-2017-2005) was patched in 2017. The is the second reported incident of a PRC-linked APT targeting the NSA to repurpose cyber tools.  This raises questions about how the NSA's prized offensive tools have been discovered or stolen by nation-state threat actors. With the theft of NSA cyber tools back in the spotlight, it is realistically possible APT31’s actions will have national security implications, compelling government agencies to reconsider how zero-day exploits should be managed under the Vulnerabilities Equities Process (VEP).  

Previous Post
Weekly: When Initial Access Brokers Attack
Weekly: When Initial Access Brokers Attack

ShadowTalk hosts Alec, Ivan, Charles, and Digital Shadows CISO Rick bring you the latest in threat intellig...

Next Report
Exposed Credentials Solutions Guide
Exposed Credentials Solutions Guide

This guide draws from best practices suggested in SearchLight’s playbooks, so security professionals can im...

×

Threat Intel Fan?

Sign up below to get our TI updates delivered to your inbox!

First Name
Last Name
Company
Country
State- optional
Job Title
Thank you!
Error - something went wrong!