Chinese state-backed hackers reverse engineered tools used by a US-government affiliated hacking group, enabling them to expand their arsenal of espionage tactics without the need for a direct attack on US intelligence agencies, new research suggests.

Why it matters: Developing new tools for intrusion and espionage requires significant resources. The ability to mimic these tools instead allows hacking groups to develop their arsenal in a relatively short period of time.

  • The hackers are part of an advanced persistent threat (APT) group, which typically run extended intrusion campaigns and are backed by governments around the world.

Details: APT3, also known as the UPS Team, were able to engineer their own version of a network infiltration tool used by the Equation Group, a hacking collective linked to the National Security Agency (NSA), an American national intelligence unit.

  • The Equation Group’s tool was initially leaked online in 2017 by a clandestine group of hackers dubbed the Shadow Brokers. However, researchers found that a variant of this tool was used by Chinese hackers prior to the leak.
  • Researchers at cybersecurity firm Check Point said they cannot say with absolute certainty that the tools were developed in-house, but evidence indicates Chinese APT groups collect tools used against them to “reverse engineer and reconstruct them to create equally strong digital weapons.”
  • The researchers said that this could suggest the US and China are engaged in a “cyber arms race” to develop new cyber tools.

“We believe that this artifact was collected during an attack conducted by the Equation Group against a network monitored by APT3, allowing it to enhance its exploit arsenal with a fraction of the resources required to build the original tool.”

—Mark Lechtik and Nadav Grossman, researchers at cybersecurity firm Check Point

Context: APT3 is one of many Advanced Persistent Threat groups that are active in China. Others include APT41, APT40, and APT30.

  •  These groups typically have a specific area of focus, such as particular industries or geographies.
  • For example, APT41 is known for having targeted the healthcare, high-tech, and telecommunications sectors in more than a dozen countries. Meanwhile, APT40’s focus is on nations important to China’s controversial Belt and Road Initiative, as well as countries in Southeast Asia.

Chris Udemans

Christopher Udemans is TechNode's former Shanghai-based data and graphics reporter. He covered Chinese artificial intelligence, mobility, cleantech, and cybersecurity.

Leave a comment

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.