Chinese spies have used code first developed by the U.S. National Security Agency to support their hacking operations, Israeli researchers said Monday, another indication of how malicious software developed by governments can boomerang against its creators.
Tel Aviv-based Check Point Software Technologies issued a report noting that some features of a piece of China-related malware, which it calls “Jian”, are so similar that they could only have been stolen from some of the National Security Agency’s hacking tools leaked online in 2017.
Yaniv Balmas, head of the Check Point study, called Jian “a kind of copy, a Chinese replica.”
The discovery comes as some experts argue that US spies need to devote more energy to fixing the flaws they find in software, instead of developing and using malware to exploit them.
The NSA declined to comment. The Chinese embassy in Washington did not respond to requests for comment.
A person familiar with the matter said Lockheed Martin, which is believed to have identified the vulnerability exploited by Jian in 2017, found it on the network of an unidentified third party.
In a statement, Lockheed said it “routinely evaluates third-party software and technology to identify vulnerabilities.”
Countries around the world are developing malware that infiltrates their competitors’ devices, taking advantage of flaws in the software that manages them. Each time spies discover a new flaw, they must decide whether to use it quietly or fix the problem to thwart rivals and crooks.
This dilemma came to public attention between 2016 and 2017, when a mysterious group calling itself Shadow Brokers published some of the NSA's most dangerous code on the Internet, allowing cybercriminals and rival countries to add US digital break-in tools to their own arsenals.
It is not clear how the Jian malware analyzed by Check Point was used. In an advisory published in 2017, Microsoft suggested it was linked to a Chinese entity called Zirconium, which last year was accused of targeting U.S. election-related organizations and individuals, including people linked to President Joe Biden's campaign.
Check Point says Jian appears to have been created in 2014, at least two years before Shadow Brokers made its public debut. This, along with research published in 2019 by Broadcom-owned cybersecurity firm Symantec about a similar incident, suggests the NSA has repeatedly lost control of its own malware over the years.
Check Point’s research is in-depth and “seems legitimate,” said Costin Raiu, a researcher at Kaspersky Lab, a Moscow-based antivirus firm that helped dissect some of the NSA’s malware.
Balmas said a possible takeaway from his company’s report was for spymasters weighing whether to keep software flaws secret to think twice about using a vulnerability for their own purposes.
“Maybe it’s more important to patch this thing up and save the world,” Balmas said. “It can be used against you.”
© Thomson Reuters 2021