Chinese spies cloned and actively used cyber offensive tool codes, developed by the U.S. National Security Agency, for their hacking operations, according to a report by Check Point Software Technologies.

The U.S. version of the tool was cloned by a Chinese-affiliated attack group labelled APT 31 or Zirconium in 2014, the report said.

The malware dubbed “Jian” was used until 2015 before the attack tool was caught and reported to Microsoft by Lockheed Martin’s Computer Incident Response Team, hinting at a possible attack against an American target. It was patched in March 2017.

Continue reading...

Chinese spies used code first developed by the U.S. National Security Agency to support their hacking operations, Israeli researchers said on Monday, another indication of how malicious software developed by governments can boomerang against their creators.

Tel Aviv-based Check Point Software Technologies issued a report noting that some features in a piece of China-linked malware it dubs “Jian” were so similar they could only have been stolen from some of the National Security Agency break-in tools leaked to the internet in 2017.

Yaniv Balmas, Checkpoint’s head of research, called Jian “kind of a copycat, a Chinese replica.”

The find comes as some experts argue that American spies should devote more energy to fixing the flaws they find in software instead of developing and deploying malicious software to exploit it.

The NSA declined comment. The Chinese Embassy in Washington did not respond to requests for comment.