https://www.cyberscoop.com/eset-shadow-brokers-nsa-winnti-china/
By Shannon Vavra
CYBERSCOOP
May 7, 2020

Good hackers steal, great hackers borrow.

According to new research from ESET, a code obfuscation tool that’s been linked
to Chinese-based hackers has been used in tandem with an implant that has been
attributed to Equation Group, a hacking faction that is broadly believed to
have ties to the National Security Agency.

ESET says the obfuscation tool is linked with Winnti Group, while the implant,
known as PeddleCheap, appeared in an April 2017 leak from the mysterious group
known as the Shadow Brokers.

It’s unclear if the sample was used in a malicious campaign or if it’s the
product of a security researcher experimenting with different tools, according
to Marc-Étienne Léveillé, a malware researcher at ESET. It was uploaded to
malware-sharing repository VirusTotal in 2017, according to Léveillé.

The Winnti-linked packer was used in a series of intrusions at gaming
organizations in 2018, which ESET has previously documented.

[...]