In the report, the cybersecurity company Symantec claims that a Chinese hacker group associated with Chinese government intelligence conducted a hacking campaign using a tool that at the time was only known to be the property of the NSA.
While Chinese government hackers are prolific spies around the world, they apparently only used their NSA tool sparingly.
“When they were in action, they were pretty noisy, they hit a lot of targets,” Eric Chien, a fellow at Symantec, told CNN.
“But the number of targets that we’ve been able to recover so far that used this exploit was very few. They saw it was high value and didn’t want to use it everywhere,” he said.
The findings muddy the timeline of an already strange episode in the NSA’s recent history. In 2016, a group calling itself Shadow Brokers appeared online in 2016 and began leaking the agency’s tools.
In April 2017 — after the last known incident in which the Chinese hackers used the NSA tool, but before the US indictment prompted that operation to go dark — Shadow Brokers released their most damaging set of NSA tools. That included one Windows exploit that both North Korea and Russian intelligence services used to create the two most damaging ransomware strains in history, prompting international condemnation.
But those were different variants of the NSA tools than the ones Symantec found that China was using.
It’s unclear how the tool got into Chinese hands. The NSA didn’t respond to request for comment.
“We’re in a very murky place,” John Hulquist, director of intelligence at FireEye, a company that extensively tracks Chinese hacking, told CNN.
“This report raises a lot of questions that are still unanswered.”
In response to the claims, China’s Ministry of Foreign Affairs echoed China’s common refrain when it is accused of hacking US targets. Spokesperson Geng Shuang denied the report, claiming to CNN that “those who criticize or accuse us have never produced any concrete evidence.”
“China uses a variety of methods to acquire foreign military and dual-use technologies, including targeted foreign direct investment, cyber theft, and exploitation of private Chinese nationals’ access to these technologies, as well as harnessing its intelligence services, computer intrusions, and other illicit approaches,” the congressionally mandated Department of Defense report said.
CNN’s Steven Jiang and Ryan Browne contributed to this report.
more recommended stories
Ground bison meat responsible for E. coli outbreak in 7 states: CDC
Ground bison meat has been linked.
Why Jon Stewart fights for the 9/11 heroes (Opinion)
This does not surprise me, as.
WHO declares Congo Ebola outbreak a public health emergency of international concern
The World Health Organization has declared.
House passes bill extending 9/11 first responders funding for decades
The bill easily cleared the House.
Trump administration stops sending kids to controversial Homestead migrant facility
The Trump administration has stopped placing.
Jon Stewart responds to Mitch McConnell
Jon Stewart, the former host of.
House holds Attorney General Barr, Commerce Secretary Ross in contempt of Congress
The House of Representatives voted 230-198.
Mitch McConnell vows to fully fund 9/11 victim fund after Jon Stewart plea
McConnell told Fox News he couldn’t.
House to vote on Trump impeachment resolution after ‘racist’ tweets
The House has voted to table.
Jon Stewart gives angry speech to Congress over bill
Former late night host and 9/11.