A Chinese hacking group considered to be the “most dangerous” by the NSA stole, copied, or reverse engineered the agency’s own hacking software – then used it against American allies and private companies in Europe and Asia during 2016 attacks, according to researchers with Symantec.
The Chinese hacking group that co-opted the N.S.A.’s tools is considered by the agency’s analysts to be among the most dangerous Chinese contractors it tracks, according to a classified agency memo reviewed by The New York Times. The group is responsible for numerous attacks on some of the most sensitive defense targets inside the United States, including space, satellite and nuclear propulsion technology makers. -New York Times
The swiped software (Backdoor.Doublepulsar) and its “custom exploit tool” installation software (Trojan.Bemstour) infect a computer’s memory, and the infection remains even if DoublePulsar is removed. According to Symantec, these tools were used by the Chinese hacking group in 2016 (and were leaked to the public shortly afterward by a group calling itself the Shadow Brokers).