May 7, 2019

China-linked group used NSA hacking tools before they leaked

The entrance to NSA headquarters. Photo Saul Loeb/Getty Images

A China-linked espionage group weaponized an NSA hacking tool for its own uses a year before that tool was leaked by a group of hackers called the Shadow Brokers, Symantec reports.

Why it matters: There's a delicate balance governments have to weigh when they develop high-tech hacking tools: Every tool relies on a security flaw that a company could fix if the government chose to notify the company rather than exploit the flaw for espionage. If third parties like China co-opt the tool or make use of the same vulnerability, that opens the way for other attackers to follow the same route.

Background: The Shadow Brokers leaked tools from the NSA's vaunted "Equation Group" starting in the summer of 2016 and continuing through 2017.

  • The tools were particularly potent; some of them were used in the devastating global NotPetya and WannaCry cyberattacks, both of which caused billions of dollars in damages.
  • But in March 2016, well before the Shadow Brokers released a tool called "DoublePulsar," a group known alternately as Gothic Panda, APT 3 and Buckeye (the name Symantec uses) had already started using the tool in its own malware.
  • Buckeye appeared to go silent in 2017 after the Department of Justice indicted three operatives.

Details: Symantec does not attribute Buckeye to China. However, the U.S. and other private cybersecurity companies do.

  • The attacks from Buckeye also incorporated another security flaw exploited by the NSA toolkit without using the specific code, as well as a never-before-seen security vulnerability in Microsoft Windows, which Microsoft patched last month.
  • The attacks targeted telecommunications, education, research and scientific outfits in Belgium, Luxembourg, Hong Kong, Vietnam and the Philippines.
  • The Buckeye tools continued to be used into 2018. That means Buckeye either lasted longer than previously thought or handed off its tools to others.

The Shadow Brokers and Buckeye appear to have obtained different versions of DoublePulsar.
