In the report, the cybersecurity company Symantec claims that a Chinese hacker group associated with Chinese government intelligence conducted a hacking campaign using a tool that at the time was only known to be the property of the NSA.
While Chinese government hackers are prolific spies around the world, they apparently only used their NSA tool sparingly.
“When they were in action, they were pretty noisy, they hit a lot of targets,” Eric Chien, a fellow at Symantec, told CNN.
“But the number of targets that we’ve been able to recover so far that used this exploit was very few. They saw it was high value and didn’t want to use it everywhere,” he said.
The findings muddy the timeline of an already strange episode in the NSA’s recent history. In 2016, a group calling itself Shadow Brokers appeared online in 2016 and began leaking the agency’s tools.
In April 2017 — after the last known incident in which the Chinese hackers used the NSA tool, but before the US indictment prompted that operation to go dark — Shadow Brokers released their most damaging set of NSA tools. That included one Windows exploit that both North Korea and Russian intelligence services used to create the two most damaging ransomware strains in history, prompting international condemnation.
But those were different variants of the NSA tools than the ones Symantec found that China was using.
It’s unclear how the tool got into Chinese hands. The NSA didn’t respond to request for comment.
“We’re in a very murky place,” John Hulquist, director of intelligence at FireEye, a company that extensively tracks Chinese hacking, told CNN.
“This report raises a lot of questions that are still unanswered.”
In response to the claims, China’s Ministry of Foreign Affairs echoed China’s common refrain when it is accused of hacking US targets. Spokesperson Geng Shuang denied the report, claiming to CNN that “those who criticize or accuse us have never produced any concrete evidence.”
“China uses a variety of methods to acquire foreign military and dual-use technologies, including targeted foreign direct investment, cyber theft, and exploitation of private Chinese nationals’ access to these technologies, as well as harnessing its intelligence services, computer intrusions, and other illicit approaches,” the congressionally mandated Department of Defense report said.
CNN’s Steven Jiang and Ryan Browne contributed to this report.
more recommended stories
Strongmen rush to remake the world order as Trump faces potential election defeat
It is no coincidence that Putin.
After 13 tons of human hair products seized, US warns about importing from Xinjiang, China
Authorities in New York seized about.
US coronavirus: Skip the July Fourth parties, experts warn
Coronavirus cases are rising in 36.
Trump boasts about accomplishments in July 4th video
President Donald Trump on Saturday afternoon.
What it’s like at US beaches on Fourth of July weekend during a pandemic
Major commercial laboratories in the United.
Swiss zookeeper dies after tiger attack inside enclosure
The zoo in Switzerland’s biggest city.
First half of 2020 year in review
We regret to inform you that.
America could run out of fireworks this weekend. Here's why
International supply chains, a pandemic during.
Seattle protesters: 2 women injured when car drives into crowd, police say
A suspect faces multiple felony charges,.
Sheriff warns protesters he will deputize gun owners
A Florida sheriff is warning protesters.