Chinese intelligence agencies intercepted NSA cyberweapons

Chinese intelligence intercepted the code of cyber weapons used by the United States in an attack on its computers and gave it to hackers, who used it to penetrate the networks of US allies.

Chinese intelligence agencies intercepted American cyberweapons during an attack by the US National Security Agency (NSA) on Chinese servers in 2016 and used them in attacks against American allies and private European and Asian companies, The New York Times writes, citing the findings of the IT company Symantec.

According to the newspaper, in 2017 the tools intercepted by the Chinese were used by the hacker group Shadow Brokers, associated with North Korea and Russia, for a massive ransomware cyber attack called NotPetya. Its targets were Ukraine and European companies. The container carrier Maersk alone lost about $300 million from the attacks.

The modified US code was used in attacks on at least five countries: Belgium, Luxembourg, Vietnam, the Philippines, and Hong Kong. One attack on a major telecommunications company gave hackers access to millions of private messages, Symantec said.

The interception of code by hackers raises the question of whether the United States should continue to develop the most high-tech secret types of cyber weapons if it cannot keep them under control.

As previously reported by “News.Economics”, hacking tools of the US National Security Agency (NSA), published by the Shadow Brokers group in 2017, have been seen in espionage campaigns aimed at enterprises in the aerospace industry, nuclear energy, research and production, and other areas.

The tools in question are DarkPulsar, DanderSpritz and FuzzBunch, which, according to Kaspersky Lab, were used by attackers to infect systems running Windows Server 2003 and 2008 in Russia, Iran and Egypt.

The first framework, FuzzBunch, consists of plugins of different categories used for reconnaissance, exploitation and the examination of already compromised machines. The purpose of FuzzBunch is to bring a variety of utilities together for ease of use and to allow them to be combined, for example, when the output parameters of one utility are the input parameters for another.

The second framework, DanderSpritz, is more of an environment for controlling already compromised hosts. It is written in Java and provides a graphical interface with windows, buttons, and menus. Similar interfaces can be seen in the administrative panels for managing botnets. DanderSpritz includes its own backdoors and plugins to manage infected machines and is not related to FuzzBunch. Thus, FuzzBunch and DanderSpritz are independent platforms for cyber espionage, which nevertheless have common features, since they were apparently created by the same developer.

As noted above, FuzzBunch contains various types of plugins, most of which are designed to study victims, exploit vulnerabilities, and work remotely with the task scheduler, registry, file system, etc.

One of the plugins for controlling infected machines is DarkPulsar, a backdoor that provides remote control functions. It runs on the victim's side and allows attackers to gain remote access to infected computers. Once on the system, attackers can use DanderSpritz to monitor and extract data from the compromised system.

The targets are companies and organizations related to nuclear power, telecommunications, information and aerospace technologies, and research and production enterprises.

It is worth noting that this is not the first time the US NSA has lost control over its internally developed arsenal of cyber weapons and various tools for hacking operating systems and identity theft.

In May 2017, the Financial Times, as well as a number of other media outlets, reported that hackers were trying to sell the EsteemAudit program, which was developed by the NSA. According to the reports, the malicious software, designed to hack Windows, was put up for sale on the so-called “dark web”, a segment of the Internet that requires special programs to access.

A little earlier, after the spread of the WannaCry malware, Microsoft President and General Counsel Brad Smith said on the American company's official blog that this was a global cyber attack using a program developed by the US NSA.

The Microsoft executive compared hackers' use of the NSA's malicious software to the theft and use of cruise missiles: “One of these programs was stolen from the NSA and affected consumers around the world. Programmes developed by governments have repeatedly become public domain and have caused serious damage. A similar scenario with conventional weapons would be the theft of Tomahawk cruise missiles from the US Armed Forces.”

War in cyberspace and cyberterrorism can lead to accidents at nuclear power plants, the destruction of hydroelectric power plants, and transport and other infrastructure disasters, approaching weapons of mass destruction in their destructive consequences. In addition, the scenario in which leaked cyber weapons are copied and distributed, for example, by terrorist groups, poses a considerable danger.

The UN is considering a moratorium on cyber weapons, and experts are preparing a framework for global arrangements to control the use of information and communication technologies (ICT) to prevent them from becoming weapons comparable in their destructive potential to nuclear or chemical weapons.

The main points of disagreement are the definition of the boundaries of sovereignty in cyberspace, the formulation of the concepts of cyber aggression, the difference between espionage and preparation for cyber sabotage, etc. According to Western experts, the existing rules of international law defining the concepts of military conflicts and the response to aggression are quite applicable to conflicts in cyberspace, making it possible to control this new type of warfare.

Russian experts, on the contrary, traditionally emphasize the inexpediency of applying the existing norms of international law to cyberspace because of the difficulties in identifying the country from which the attack originates. These and other reasons give grounds to advocate for a complete ban on the use of cyber weapons.