(US Military Hired Amazon To Store Sensitive Data, Secrets Stolen By China)
(US Army Data Hacked In 2017, Stored On Amazon S3 Servers)
(NSA Files Left Exposed Online on Amazon S3 Server, Hacked)
(Amazon S3 Servers NOT Secure!) <---- You would think they'd give a shit at this point!
A leading cybersecurity firm found evidence Chinese intelligence operatives repurposed National Security Agency hacking technology in 2016 to attack American allies and private firms in Europe and Asia, according to the New York Times.
Researchers with Symantec believe the Chinese government captured the code from an NSA attack on their own systems rather than stealing it, according to the article. The hacking group that repurposed the tools has committed several attacks on U.S. targets including space, satellite and nuclear propulsion tech manufacturers, according the Times, citing a classified agency memo.
Some of the same tools were also dumped online by an unidentified group calling itself the Shadow Brokers, later used by North Korean and Russian intelligence, according to the Times, although there is no apparent connection between the Chinese acquisition and Shadow Brokers’ activity.
While Symantec is not sure how the Chinese got the code, Chinese intelligence contractors have used the tools to conduct cyber-warfare in Belgium, Hong Kong, Luxembourg, the Philippines and Vietnam, according to the Times, with targets ranging from schools and scientific research to the government of a U.S. ally. In one case, an operation against a telecommunications network may have led them to obtain as many as millions of private communications, according to Symantec.
Symantec’s research does not explicitly identify the Chinese government, instead referencing “the Buckeye group,” the firm’s term for a team of hackers identified by both the Justice Department and private firms as a contractor for China’s Ministry of State, according to the report. The Justice Department indicted three hackers connected to the group in 2017.
“This is the first time we’ve seen a case — that people have long referenced in theory — of a group recovering unknown vulnerabilities and exploits used against them, and then using these exploits to attack others,” Eric Chien, a security director at Symantec, told the Times.
Message too long. Click here to view full text.