×

Register to Access Intelligence Summary

First Name
Last Name
Job Title
Company
Country
State
Thank you!
Error - something went wrong!
   

Weekly Intelligence Summary 26 February

February 26, 2021

The People’s Republic of China (PRC)-linked advanced persistent threat (APT) group “APT31” reportedly cloned and deployed a zero-day exploit developed by the US National Security Agency's (NSA) Equation Group in 2013. APT31 accessed two versions of Equation Group’s “EpMe” files, which they repurposed into the zero-day exploit “Jian”. Jian was deployed from 2015 until the vulnerability it exploited (CVE-2017-2005) was patched in 2017. The is the second reported incident of a PRC-linked APT targeting the NSA to repurpose cyber tools.  This raises questions about how the NSA's prized offensive tools have been discovered or stolen by nation-state threat actors. With the theft of NSA cyber tools back in the spotlight, it is realistically possible APT31’s actions will have national security implications, compelling government agencies to reconsider how zero-day exploits should be managed under the Vulnerabilities Equities Process (VEP).  

Previous Report
Weekly Intelligence Summary 05 March
Weekly Intelligence Summary 05 March

The French National Cybersecurity Agency (ANSSI) identified a new “Ryuk” ransomware variant that has the ca...

Next Report
Weekly Intelligence Summary 19 February
Weekly Intelligence Summary 19 February

An unidentified attacker accessed the computer systems of a water treatment facility in the US, altering so...

×

Want these
Threat Intelligence reports sent straight to your inbox?

Subscribe below!

First Name
Last Name
Company
Country
State- optional
Job Title
Thank you!
Error - something went wrong!