In the report, the cybersecurity company Symantec claims that a Chinese hacker group associated with Chinese government intelligence conducted a hacking campaign using a tool that at the time was only known to be the property of the NSA.
While Chinese government hackers are prolific spies around the world, they apparently only used their NSA tool sparingly.
“When they were in action, they were pretty noisy, they hit a lot of targets,” Eric Chien, a fellow at Symantec, told CNN.
“But the number of targets that we’ve been able to recover so far that used this exploit was very few. They saw it was high value and didn’t want to use it everywhere,” he said.
The findings muddy the timeline of an already strange episode in the NSA’s recent history. In 2016, a group calling itself Shadow Brokers appeared online in 2016 and began leaking the agency’s tools.
In April 2017 — after the last known incident in which the Chinese hackers used the NSA tool, but before the US indictment prompted that operation to go dark — Shadow Brokers released their most damaging set of NSA tools. That included one Windows exploit that both North Korea and Russian intelligence services used to create the two most damaging ransomware strains in history, prompting international condemnation.
But those were different variants of the NSA tools than the ones Symantec found that China was using.
It’s unclear how the tool got into Chinese hands. The NSA didn’t respond to request for comment.
“We’re in a very murky place,” John Hulquist, director of intelligence at FireEye, a company that extensively tracks Chinese hacking, told CNN.
“This report raises a lot of questions that are still unanswered.”
In response to the claims, China’s Ministry of Foreign Affairs echoed China’s common refrain when it is accused of hacking US targets. Spokesperson Geng Shuang denied the report, claiming to CNN that “those who criticize or accuse us have never produced any concrete evidence.”
“China uses a variety of methods to acquire foreign military and dual-use technologies, including targeted foreign direct investment, cyber theft, and exploitation of private Chinese nationals’ access to these technologies, as well as harnessing its intelligence services, computer intrusions, and other illicit approaches,” the congressionally mandated Department of Defense report said.
CNN’s Steven Jiang and Ryan Browne contributed to this report.
more recommended stories
Kobe Bryant helicopter crash: NTSB details the final moments
Radar data indicated the helicopter climbed.
Authorities battle Atlantic storm to intercept cocaine yacht
An international drug operation involving authorities.
Jake Tapper: Trump's team is denying one of the most shocking facts
CNN’s Jake Tapper calls out deputy.
Multiple family members shot, killed in alleged targeted home invasion
A 10-year-old boy was shot and.
Pompeo’s interview shows he doesn’t respect the free press (opinion)
The statement accuses Kelly of lying.
UN health chief visits China to help with virus containment
BEIJING — 11:20 p.m. The director-general.
Fact check: Trump falsely claims House Democrats never asked John Bolton to testify
The New York Times reported that.
Kobe Bryant’s off-the-court legacy Video
Transcript for Kobe Bryant’s off-the-court legacy.
New York Times: Bolton book draft says Trump tied Ukraine aid to political investigations
A source with direct knowledge of.
Dow Jones sinks more than 400 points amid coronavirus uncertainty
Global stocks slid Monday as coronavirus.