The mystery surrounding the misappropriation of some of the National Security Agency’s most effective cyberweapons deepened recently when a Chinese hacking group known as Buckeye, APT3, and Gothic Panda utilized NSA exploits and attack tools EternalRomance and EternalSynergy. It remains unclear how they obtained the NSA tools though both were released by the Shadow Brokers.
In the report released by Symantec, the exploited tools came from The Equation Group, allegedly NSA’s offensive cyber operations unit. “The purpose of all the attacks was to acquire a persistent presence on the victim’s network, meaning information theft was the most likely motive of the attacks,” Symantec writes.
The attack raises valid concerns about the U.S. Vulnerabilities Equities Process, a process where the U.S. discloses software vulnerabilities to vendors so they can be fixed. However, unpatched vulnerabilities are how U.S. cyber spies infiltrate other systems. Unreported vulnerabilities put other countries at risk. Many experts believe Buckeye, who began using a variant of the DoublePulsar backdoor in March 2016, work with China’s intelligence agency.
Debate rages on over how late is too late to disclose software flaws that give the U.S. a cyber advantage. Deploying vulnerability exploits give hackers an opportunity to reverse engineer or discover those vulnerabilities too.