In the report, the cybersecurity company Symantec claims that a Chinese hacker group associated with Chinese government intelligence conducted a hacking campaign using a tool that at the time was only known to be the property of the NSA.
While Chinese government hackers are prolific spies around the world, they apparently only used their NSA tool sparingly.
“When they were in action, they were pretty noisy, they hit a lot of targets,” Eric Chien, a fellow at Symantec, told CNN.
“But the number of targets that we’ve been able to recover so far that used this exploit was very few. They saw it was high value and didn’t want to use it everywhere,” he said.
The findings muddy the timeline of an already strange episode in the NSA’s recent history. In 2016, a group calling itself Shadow Brokers appeared online in 2016 and began leaking the agency’s tools.
In April 2017 — after the last known incident in which the Chinese hackers used the NSA tool, but before the US indictment prompted that operation to go dark — Shadow Brokers released their most damaging set of NSA tools. That included one Windows exploit that both North Korea and Russian intelligence services used to create the two most damaging ransomware strains in history, prompting international condemnation.
But those were different variants of the NSA tools than the ones Symantec found that China was using.
It’s unclear how the tool got into Chinese hands. The NSA didn’t respond to request for comment.
“We’re in a very murky place,” John Hulquist, director of intelligence at FireEye, a company that extensively tracks Chinese hacking, told CNN.
“This report raises a lot of questions that are still unanswered.”
In response to the claims, China’s Ministry of Foreign Affairs echoed China’s common refrain when it is accused of hacking US targets. Spokesperson Geng Shuang denied the report, claiming to CNN that “those who criticize or accuse us have never produced any concrete evidence.”
“China uses a variety of methods to acquire foreign military and dual-use technologies, including targeted foreign direct investment, cyber theft, and exploitation of private Chinese nationals’ access to these technologies, as well as harnessing its intelligence services, computer intrusions, and other illicit approaches,” the congressionally mandated Department of Defense report said.
CNN’s Steven Jiang and Ryan Browne contributed to this report.
more recommended stories
Anderson Cooper: Trump must think we're all idiots
President Donald Trump tweeted interest in.
What matters this morning with ABC News’ George Stephanopoulos: Impeachment showdown
It’s Tuesday, Nov. 19, 2019. Here.
Trump’s aides eye moving impeachment witnesses out of White House jobs
The uncertain fate and public thrashing.
Little league umpire punched in face after fan disagrees with call
A man who punched a little.
David Holmes says he’s ‘never seen anything’ like Trump-Sondland call in restaurant
David Holmes, the political adviser at.
Taliban say they freed US, Australian hostage for 3 Taliban
Taliban say they freed 2 hostages,.
Impeachment hearing live: Jennifer Williams and Alexander Vindman testify publicly
Here are the latest developments in.
‘Start Here’: What to expect during today’s public impeachment hearings
It’s Tuesday, Nov. 19, 2019. Let’s.
Trump impeachment inquiry enters most crucial stage with top witnesses on deck
The coming days will also be.
US angers Palestinians with reversal on Israeli settlements
The Trump administration on Monday said.