In the report, the cybersecurity company Symantec claims that a Chinese hacker group associated with Chinese government intelligence conducted a hacking campaign using a tool that at the time was only known to be the property of the NSA.
While Chinese government hackers are prolific spies around the world, they apparently only used their NSA tool sparingly.
“When they were in action, they were pretty noisy, they hit a lot of targets,” Eric Chien, a fellow at Symantec, told CNN.
“But the number of targets that we’ve been able to recover so far that used this exploit was very few. They saw it was high value and didn’t want to use it everywhere,” he said.
The findings muddy the timeline of an already strange episode in the NSA’s recent history. In 2016, a group calling itself Shadow Brokers appeared online in 2016 and began leaking the agency’s tools.
In April 2017 — after the last known incident in which the Chinese hackers used the NSA tool, but before the US indictment prompted that operation to go dark — Shadow Brokers released their most damaging set of NSA tools. That included one Windows exploit that both North Korea and Russian intelligence services used to create the two most damaging ransomware strains in history, prompting international condemnation.
But those were different variants of the NSA tools than the ones Symantec found that China was using.
It’s unclear how the tool got into Chinese hands. The NSA didn’t respond to request for comment.
“We’re in a very murky place,” John Hulquist, director of intelligence at FireEye, a company that extensively tracks Chinese hacking, told CNN.
“This report raises a lot of questions that are still unanswered.”
In response to the claims, China’s Ministry of Foreign Affairs echoed China’s common refrain when it is accused of hacking US targets. Spokesperson Geng Shuang denied the report, claiming to CNN that “those who criticize or accuse us have never produced any concrete evidence.”
“China uses a variety of methods to acquire foreign military and dual-use technologies, including targeted foreign direct investment, cyber theft, and exploitation of private Chinese nationals’ access to these technologies, as well as harnessing its intelligence services, computer intrusions, and other illicit approaches,” the congressionally mandated Department of Defense report said.
CNN’s Steven Jiang and Ryan Browne contributed to this report.
more recommended stories
New Storm To bring Possible Tornadoes and Damaging Winds Across the South; Fire Danger for Southern California
Nestor made landfall on Saturday in.
Kevin McCarthy dismisses concerns on government spending at Trump properties: ‘Just like any other hotel’
His comments come as House Democrats.
UK Parliament votes to force Brexit delay in setback for Boris Johnson
U.K. lawmakers voted on Saturday to.
Trump's controversial move is a historic first
The White House announced that the.
Horse injured in race at Santa Anita; 34th to die at track
A 3-year-old gelding was fatally injured.
White House defends Trump’s Florida resort as ‘significantly cheaper’ option for G7 site
The administration says the event will.
Over-the-counter heartburn drug Zantac pulled in US, Canada
Drugmaker Sanofi is recalling its over-the-counter.
Energy Department won’t comply with impeachment subpoena
The letter argues about the validity.
Former Navy SEAL commander William McRaven says US under attack from Trump
The retired Navy admiral who oversaw.
Hillary Clinton suggests Russians are ‘grooming’ Tulsi Gabbard for third-party run
The comment appears to be directed.