The People’s Republic of China (PRC)-linked advanced persistent threat (APT) group “APT31” reportedly cloned and deployed a zero-day exploit developed by the US National Security Agency's (NSA) Equation Group in 2013. APT31 accessed two versions of Equation Group’s “EpMe” files, which they repurposed into the zero-day exploit “Jian”. Jian was deployed from 2015 until the vulnerability it exploited (CVE-2017-2005) was patched in 2017. The is the second reported incident of a PRC-linked APT targeting the NSA to repurpose cyber tools. This raises questions about how the NSA's prized offensive tools have been discovered or stolen by nation-state threat actors. With the theft of NSA cyber tools back in the spotlight, it is realistically possible APT31’s actions will have national security implications, compelling government agencies to reconsider how zero-day exploits should be managed under the Vulnerabilities Equities Process (VEP).
Most Recent Flipbooks
The Federal Security Service of the Russian Federation (FSB) conducted a series of raids and arrests against at least 20 members of the "REvil" ransomware group.
Weekly Intelligence Summary 14th Jan
Researchers have discovered a critical vulnerability in the popular open-source Java SQL database H2
For 2022, cyber-security practitioners must be extraordinarily nimble and adept. Plus information on telegram dropping malware, North Korean group exploits Russia, and Log4j crisis spilling in to 2022
Weekly Intelligence Summary 17th Dec
Log4j bug exposes fragility of digital ecosystem worldwide. Plus information on Magecart home for the holidays, Emotet regaining power, and Muddywater APT group hunts for airline data via Slack.
Weekly Intelligence Summary 10th Dec
Microsoft has allegedly halted a long-term cyber-espionage operation of “NICKEL”, a threat group linked to the People’s Republic of China (PRC).
Weekly Intelligence Summary 27th August
The well-established “Mozi” peer-to-peer (P2P) botnet has developed new persistence capabilities.