The entrance to NSA headquarters. Photo: Saul Loeb/Getty Images

A China-linked espionage group weaponized an NSA hacking tool for its own uses a year before that tool was leaked by a group of hackers called the Shadow Brokers, Symantec reports.

Why it matters: Governments have to weigh a delicate balance when they develop high-tech hacking tools: Every tool relies on a security flaw that a company could fix if the government chose to notify it rather than exploit the flaw for espionage. If third parties like China co-opt the tool or make use of the same vulnerability, that opens the way for other attackers to follow the same route.

Background: The Shadow Brokers leaked tools from the NSA's vaunted "Equation Group" starting in the summer of 2016 and continuing through 2017.

  • The tools were particularly potent; some of them were used in the devastating global NotPetya and WannaCry cyberattacks, both of which caused billions of dollars in damages.
  • But in March 2016, well before the Shadow Brokers released a tool called "DoublePulsar," a group known alternately as Gothic Panda, APT 3 and Buckeye (the name Symantec uses) had already started using the tool in its own malware.
  • Buckeye appeared to go silent in 2017 after the Department of Justice indicted three operatives.

Details: Symantec does not attribute Buckeye to China. However, the U.S. and other private cybersecurity companies do.

  • The attacks from Buckeye also incorporated another security flaw exploited by the NSA toolkit without using the specific code, as well as a never-before-seen security vulnerability in Microsoft Windows, which Microsoft patched last month.
  • The attacks targeted telecommunications, education, research and scientific outfits in Belgium, Luxembourg, Hong Kong, Vietnam and the Philippines.
  • The Buckeye tools continued to be used into 2018. That means Buckeye either lasted longer than previously thought or handed off its tools to others.

The Shadow Brokers and Buckeye appear to have obtained different versions of DoublePulsar.
