An investigation of a malware tool used by Chinese hackers revealed that it was a copy of software that was reportedly first developed by part of the US National Security Agency (NSA).
Check Point Research (CPR) security researchers originally believed that the tool known as Jian was specially developed by Chinese threat actors. However, further CPR research revealed that it was a clone of the EpMe software used by the Equation Group, which has long been believed to work on behalf of the NSA.
According to ZDNet, CPR states that “the tool is used after an attacker gains initial access to a target computer – for example through a zero-click vulnerability, phishing email, or other option – to give the attacker the highest level of permissions available to grant ‘roam free’ and do what they want on the already infected computer.”
Leaked and misappropriated
Both Jian and EpMe exploit the Windows privilege escalation vulnerability tracked as CVE-2017-005. Researchers add that the tools …