Israeli cyber firm: Chinese hacking tool was modeled on NSA spyware

An Israeli cybersecurity firm announced Monday that China has used a hacking tool initially developed by the US National Security Agency.

In a new report, Check Point Software Technologies said the Chinese malware, which it dubbed “Jian,” exploited a vulnerability in Windows. It said the exploit was a replica of one used by the secretive “Equation Group” at the NSA.

Check Point said the tool was developed in 2014 and has been used since at least the following year, two years before cyber weapons made by the Equation Group were leaked online. The Tel Aviv-based firm hypothesized that Chinese spies may have obtained the code during an Equation Group operation against a target in China, captured it while monitoring an Equation Group attack against a third party, or acquired it during a Chinese operation against the Equation Group.

Yaniv Balmas, the head of research at Check Point, said the report showed the development of hacking tools could come back to bite their creators.

“Maybe it’s more important to patch this thing and save the world,” Balmas was quoted as saying by Reuters. “It might be used against you.”

Check Point also said the exploit, which was patched in 2017, was reported to Microsoft by US defense contractor Lockheed Martin, “hinting at a possible attack against an American target.” There was no word on what the target may have been and Lockheed said it was discovered on the network of another party, without elaborating further.