It turns out that hackers' hacking tools have been analyzed and 'reused' by enemy hackers
The intelligence agencies of various countries are locked in fierce battles in the cyber world, sometimes using their own hacking tools to launch attacks on other countries. Against this background, it has become clear that a hacker organization called 'Buckeye', which appears to be linked to the Chinese government, analyzed hacking tools that the US National Security Agency (NSA) used in attacks and 'reused' them for attacks on other countries.
Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak | Symantec Blogs
How Spies Got the Hacking Tools, and Used Them for Attacks - The New York Times
The NSA has spent large sums of money developing malware and hacking tools for cyber attacks, and has achieved results such as the Stuxnet malware, identified in 2010, which rendered uranium enrichment centrifuges in Iran's nuclear fuel facility inoperable. However, in 2017, the mysterious hacker organization 'Shadow Brokers' stole the NSA's hacking tools and shocked the world by leaking them on the Internet.
It is believed that the leaked hacking tools were reused by Russian and North Korean hackers in international cyber attacks. In addition, according to a report released by US security company Symantec, a Chinese hacker organization called Buckeye had been attacking with NSA hacking tools before Shadow Brokers leaked them.
Buckeye is believed to be supported by the Chinese government, and is a very dangerous organization that targets US space, satellite and nuclear propulsion technologies. Researchers at Symantec say that Buckeye has used NSA hacking tools to attack research institutes and educational facilities in Belgium, Luxembourg, Vietnam, the Philippines, Hong Kong and elsewhere.
Buckeye is said to have been attacking with modified versions of the NSA-developed hacking tools 'Eternal Synergy' and 'Double Pulsar' since March 2016, before Shadow Brokers leaked the NSA hacking tools. Symantec researchers do not know exactly how Buckeye obtained the tool code, but they think it is likely that the code was stolen when the NSA launched an attack with the tools.
In the past, it was known that hacking tools leaked by hacker organizations had been adopted by intelligence agencies and other hacker organizations and used in attacks. However, the pattern of stealing an opponent's hacking tool while being attacked with it appears to have been unknown until now.
According to a Symantec researcher, Buckeye does not use the NSA hacking tools it obtained against the United States. The reasons are believed to be that Buckeye assumes the US side has already taken measures against hacking tools developed by the NSA, and that Buckeye does not want the US side to learn that it has obtained the NSA's hacking tools.
For intelligence agencies that launch cyber attacks, like the NSA, the facts Symantec has presented describe a very bad scenario. If an adversary such as a foreign hacker organization can discover an undisclosed hacking tool or unknown vulnerability that the agency has developed, and the risk of it being turned back against the agency becomes realistic, then the agency has to consider that launching an attack with that tool or vulnerability may bring danger to its own country or allies.
In fact, the NSA hacking tool leaked by Shadow Brokers is believed to have become the basis of the
Eric Chien, Symantec's security director, pointed out that the NSA and other intelligence agencies need to take into account that, when they launch an attack, their own hacking tools are likely to be analyzed and may even come to threaten their own country. In addition, three hackers belonging to Buckeye were prosecuted in March 2017, yet even though Buckeye's activities subsided, the hacking tools considered to have been taken from the NSA continued to be used until September 2018. From this, Chien believes that the NSA hacking tools taken by Buckeye may have been handed over to other groups.
by Soumil Kumar