The entrance to NSA headquarters. Photo: Saul Loeb/Getty Images

A China-linked espionage group weaponized an NSA hacking tool for its own uses a year before that tool was leaked by a group of hackers called the Shadow Brokers, Symantec reports.

Why it matters: Governments have to weigh a delicate balance when they develop high-tech hacking tools: Every tool relies on a security flaw that a company could fix if the government chose to notify it rather than exploit the flaw for espionage. If third parties like China co-opt the tool or make use of the same vulnerability, that opens the way for other attackers to follow the same route.

Background: The Shadow Brokers leaked tools from the NSA's vaunted "Equation Group" starting in the summer of 2016 and continuing through 2017.

  • The tools were particularly potent; some of them were used in the devastating global NotPetya and WannaCry cyberattacks, both of which caused billions of dollars in damages.
  • But in March 2016, well before the Shadow Brokers released a tool called "DoublePulsar," a group known alternately as Gothic Panda, APT 3 and Buckeye (the name Symantec uses) had already started using the tool in its own malware.
  • Buckeye appeared to go silent in 2017 after the Department of Justice indicted three operatives.

Details: Symantec does not attribute Buckeye to China. However, the U.S. and other private cybersecurity companies do.

  • The attacks from Buckeye also exploited another security flaw used by the NSA toolkit, without using the NSA's specific code, as well as a never-before-seen security vulnerability in Microsoft Windows, which Microsoft patched last month.
  • The attacks targeted telecommunications, education, research and scientific outfits in Belgium, Luxembourg, Hong Kong, Vietnam and the Philippines.
  • The Buckeye tools continued to be used into 2018. That means Buckeye either lasted longer than previously thought or handed off its tools to others.

The Shadow Brokers and Buckeye appear to have obtained different versions of DoublePulsar.
