Tag Archives: Chinese National Military Strategy

Chinese Hackers Found And Repurposed Elite NSA-Linked Tools



A hacking group with ties to Chinese intelligence has been using tools linked to the National Security Agency as far back as March 2016, according to research from security firm Symantec.


“The tools include some released by the Shadow Brokers, a mysterious group that dumped computer exploits once used by the NSA on the open internet in April 2017. Symantec’s research suggests that the Chinese-linked group, which the company calls “Buckeye,” was using the same NSA-linked tools at least a year before they were publicly leaked.

According to Symantec, one of the tools used by Buckeye was DoublePulsar, a backdoor implant that allows attackers to stealthily collect information and run malicious code on a target’s machine. DoublePulsar was used in conjunction with another tool, which Symantec calls Trojan.Bemstour, that took advantage of various Microsoft Windows vulnerabilities in order to secretly siphon information off targeted computers.

The Trojan.Bemstour exploit allowed attackers to remotely manipulate a machine’s kernel, the core part of a computer’s operating system that manages resources such as memory. When put into action, the exploit can pull sensitive information from a targeted machine or can be combined in conjunction with other vulnerabilities to take control of the kernel.

One of the vulnerabilities was patched in March 2017. The other was reported by Symantec to Microsoft in September 2018 and patched in March 2019.

Buckeye used the tools in attacks that hit telecommunications companies, firms dedicated to scientific research and education institutions from March 2016 to the middle of 2017, according to Symantec. The group hit organizations in Belgium, Hong Kong, Luxembourg, the Philippines and Vietnam.

An infographic that shows the timeline of Buckeye’s use of NSA tools. (Symantec)

DoublePulsar has been linked to the Equation Group, an elite hacking team that the cybersecurity community has long attached to the NSA. One of the vulnerabilities leveraged by Trojan.Bemstour was also used by two other Equation Group exploits — EternalRomance and EternalSynergy — that were included in the Shadow Brokers’ April 2017 dump.

“How Buckeye obtained Equation Group tools at least a year prior to the Shadow Brokers leak remains unknown,” a blog post from Symantec reads.

The company does state there’s a possibility that Buckeye may have developed its own version of the tools after possibly observing an Equation Group attack and reverse-engineering the malware it caught by monitoring network traffic.

Buckeye — also known as APT3, Boyusec or Gothic Panda — has not been active since 2017, researchers said. Symantec found, however, that development of Trojan.Bemstour continued into 2019. The company said the most recent version of the exploit was compiled on March 23 — 11 days after Microsoft patched the last associated vulnerability. It is unclear who continued to use the tools in 2018 and 2019, according to Symantec.

Three alleged members of Buckeye were indicted in the U.S. in November 2017. At the time of the indictments, numerous cybersecurity researchers told CyberScoop there was a high probability that APT3 was linked with China’s Ministry of State Security (MSS). Serving as China’s civilian intelligence agency, analysts say the MSS has become Beijing’s preferred arm for conducting economic espionage.

The research comes days after the Department of Defense issued a report stating that China’s cyber-theft and cyber-espionage operations are accelerating to the point that they can “degrade core U.S. operational and technological advantages.”

“The threat and the challenge is persistent. The Chinese remain very aggressive in their use of cyber,” Assistant Secretary of Defense Randall G. Schriver said during a press briefing on the report.

The NSA did not return a request for comment.”

Here’s the Biggest Difference Between US and Chinese Military Policy




“The United States is preparing for never-ending war abroad. In China, the focus is eternal war at home.

On July 1, the U.S. published its new national military strategy, just a few months after China released its own. Taken together, they paint an interesting contrasting portrait of the military thinking guiding the two superpowers.

China’s document underlines a deepened commitment to what it calls “civil-military integration.”

“And in response to the new requirement arising from China’s all-round and deepening reform, the armed forces will continue to follow the path of civil-military integration (CMI), actively participate in the country’s economic and social construction, and firmly maintain social stability, so as to remain a staunch force for upholding the CPC’s ruling position and a reliable force for developing socialism with Chinese characteristics,” it states.

Further on, the strategy document mentions efforts to “coordinate national defense development and economic development and deepen the integration of the military and civil sectors … joint exploration of the sea, outer space and air, and shared use of such resources as surveying and mapping, navigation, meteorology and frequency spectra.”

This adds up to an argument for “the intertwining of civilian science and technology sectors with its military as necessary to gain a leading edge over any potential adversary,” writes privacy and international law researcher Heather Roff. “In short, it plans on embedding the military with everything.” What does that look like in real terms? An even more robust military-industrial complex than in the United States. But there’s something darker at work, too.

China has long been more focused on calming internal threats, or so-called “stability maintenance,” than outspending external enemies. If you think U.S. police are militarized, take a trip to Beijing. In 2014, China surpassed the U.S. as the world’s No. 1 market for surveillance equipment and technology. In 2011, as the Arab Spring was taking root across the Middle East, Beijing bumped spending on internal security by more than 13 percent to 624.4 billion yuan ($95 billion). That outpaced the budget for the Chinese Liberation Army, which rose 12.7 percent to 601.1 billion yuan. Not long after, China stopped publishing figures on how much it was spending for internal vs. external security. The CMI language in its new strategy document in many ways alludes to this continued focus on militarized policing as central to the country’s broader security strategy.

Contrast that with the U.S. military budget of $598 billion — far, far more than the Department of Justice (law enforcement) budget of about $30 billion. Consider also the content of the U.S. military strategy, which puts a special emphasis on the prolonged battles against terrorism: “We are more likely to face prolonged campaigns than conflicts that are resolved quickly… that control of escalation is becoming more difficult and more important… and that as a hedge against unpredictability with reduced resources, we may have to adjust our global posture.”