N.S.A. Hacking Tools Stolen And Exploited

Reports have emerged that several National Security Agency hacking tools that were stolen by Chinese intelligence agents were repurposed and used in attacks against private companies in Europe and Asia. Researchers with the firm Symantec found that tweaked versions of two N.S.A. tools, called Eternal Synergy and Double Pulsar, were being used by Chinese hackers as early as March 2016. Later, those tools were dumped on the internet and used to cause devastating attacks around the world.

Symantec researchers are not certain exactly how the Chinese obtained the American-developed code, but it has been speculated that the Chinese captured it from an N.S.A. attack on their own computers. Symantec did not explicitly name China in its research, but identified the attackers as the Buckeye group. That is Symantec’s own term for hackers identified by the Department of Justice as a Chinese Ministry of State Security contractor operating out of Guangzhou.

The Buckeye group reportedly used the stolen N.S.A. tools to attack specific targets in Belgium, Luxembourg, Vietnam, the Philippines and Hong Kong. Months later, in August 2016, an unidentified group that calls itself the Shadow Brokers first started releasing samples of the stolen tools on the internet. In April 2017, the group released its entire collection of N.S.A. exploits on the web.

The Shadow Brokers’ release forced the N.S.A. to turn to Microsoft to patch the software vulnerabilities that its hacking tools exploited. In the meantime, the tools were used by North Korean and Russian hackers to create havoc around the world. The British health care system was crippled; Ukrainian services, including the airport and A.T.M.s, were shut down; and the shipping corporation Maersk had to halt operations. The stolen tools continued to be used in attacks through last September against targets in Europe and Asia.