Information Security News mailing list archives

A discovered malware sample uses code from the NSA and a Chinese hacking group


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 8 May 2020 05:44:14 +0000 (UTC)

https://www.cyberscoop.com/eset-shadow-brokers-nsa-winnti-china/

By Shannon Vavra
CYBERSCOOP
May 7, 2020

Good hackers steal, great hackers borrow.

According to new research from ESET, a code obfuscation tool that's been linked to China-based hackers has been used in tandem with an implant that has been attributed to Equation Group, a hacking faction that is broadly believed to have ties to the National Security Agency.

ESET says the obfuscation tool is linked with Winnti Group, while the implant, known as PeddleCheap, appeared in an April 2017 leak from the mysterious group known as the Shadow Brokers.

It’s unclear if the sample was used in a malicious campaign or if it’s the product of a security researcher experimenting with different tools, according to Marc-Étienne Léveillé, a malware researcher at ESET. It was uploaded to malware-sharing repository VirusTotal in 2017, according to Léveillé.

The Winnti-linked packer was used in a series of intrusions at gaming organizations in 2018, which ESET has previously documented.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_