
NSA may have 'supplied' its own exploit tools to China


A Symantec blog post this week revealed that the Chinese espionage group Buckeye used the NSA's "DoublePulsar" and "EternalBlue" exploits at least a year before the Shadow Brokers released them. Symantec believes that Buckeye may have been able to examine the NSA's tools while observing an attack carried out by the NSA, allowing it to develop its own version of those tools.

According to Symantec, Buckeye stole information after gaining access to telecommunications companies, R&D organisations and educational institutions in Hong Kong, Belgium, Luxembourg and several Asian countries. Buckeye used a variant of DoublePulsar that was delivered by a custom exploit tool called "Bemstour", which was built specifically to install DoublePulsar.


Bemstour exploits two Windows vulnerabilities to achieve remote execution of kernel code on the victim's machine. One of them (CVE-2019-0703) is a zero-day vulnerability discovered by Symantec. Symantec did not report the vulnerability to Microsoft until September 2018, and Microsoft patched it in March 2019. Eleven days after Microsoft fixed the vulnerability, Symantec discovered another variant of "Bemstour" in circulation.

The second vulnerability (CVE-2017-0143), used by Buckeye and patched by Microsoft in March 2017, was also used by two other NSA exploit tools, "EternalRomance" and "EternalSynergy", as published in the Shadow Brokers leak. Another security vendor also told Symantec that the Buckeye group had used a further piece of malware called "Filensfer" in conjunction with a well-known backdoor created by Buckeye called "Pirpi".


Use of NSA Tools Spreads Among Hacking Groups

According to Symantec, Buckeye's activity ceased in mid-2017. A few months later, in November 2017, three suspected members of the group were indicted by the US government. Although the group's own activity has ended, the tools it used continued to be used by other attackers in conjunction with other malware for at least another year, until September 2018. The Shadow Brokers had already made the NSA tools public in April 2017, and since then several cybercriminal groups have integrated them into their toolsets with devastating effectiveness. Symantec believes Buckeye never had access to the full set of NSA exploit tools before the Shadow Brokers released them.

That another espionage/hacking group gained access to the NSA's hacking tools simply by observing a live NSA attack is another example of why building backdoors for the supposedly "good guys" (assuming you are willing to count the NSA among them) will never work in the real world: every category of attacker can eventually obtain the same backdoors and the tools behind them.

Thanks to the hubris of the NSA, as Microsoft sees it, some of the world's most dangerous cybercrime groups now have access to high-quality, sophisticated hacking tools that can cause significant damage to millions of people for many years to come. Thank you very much for that.


Source: Symantec, Tom's Hardware


About the author

Igor Wallossek

Editor-in-chief and namesake of igor'sLAB, the content successor of Tom's Hardware Germany, whose licence was returned in June 2019 in order to better meet the quality demands of web content and the challenges of new media such as YouTube, with its own channel.

Computer nerd since 1983, audio freak since 1979 and pretty much open to anything with a plug or battery for over 50 years.
