Sunday, September 8, 2019

Cybersecurity

China’s APT3 Pilfers Cyberweapons from the NSA

The advanced persistent threat (APT) group known as APT3, which researchers across the board link to the Chinese government, has built a full in-house battery of exploits and cybertools collectively dubbed “UPSynergy.” An analysis of the toolkit has uncovered a geopolitical cat-and-mouse spy game: It turns out that many parts of the package are likely gleaned from watching attacks by the National Security Agency’s Equation Group APT on target networks where APT3 also has a presence.
Prior research from Symantec shows that APT3 was able to acquire a variant of the NSA-developed cyberweapon known as EternalRomance – prior to the Shadow Brokers leak of the spy agency’s arsenal in 2017. It has been a bit of a mystery as to how APT3 accomplished that – but research from Check Point offers a hypothesis.
“The threat group known as APT3 recreated its own version of an Equation group exploit using captured network traffic,” according to the analysis, published Thursday. “We believe that this artifact was collected during an attack conducted by the Equation Group against a network monitored by APT3, allowing it to enhance its exploit arsenal with a fraction of the resources required to build the original tool… One possible modus operandi – the Chinese collect attack tools used against them, reverse-engineer and reconstruct them to create equally strong digital weapons.”
