The Shadow Brokers hacking group obtained hacking tools in 2017, which led to a number of major incidents around the world, including a massive attack using the WannaCry ransomware. The group was reported to have stolen hacking tools from the US National Security Agency, but it was not clear how they managed to do this. Now it has become known that Symantec experts have conducted an analysis on the basis of which it can be assumed that the hacking tools were stolen from the NSA by Chinese intelligence agents.
Symantec found that the Buckeye hacking group, allegedly working for the Chinese Ministry of State Security, used NSA tools a year before the first Shadow Brokers incident occurred. Symantec believes that the Buckeye group acquired the hacking tools during the NSA attack, after which they were modified.
The report also says that the Buckeye hackers may well be involved in this, since earlier representatives of the NSA stated that this group is one of the most dangerous. Among other things, Buckeye was held responsible for the attack on American space technology manufacturers and some energy companies. Symantec experts say that modified NSA tools were used in attacks on research organizations, educational institutions and other infrastructure facilities from around the world.
Symantec believes it is high time for U.S. intelligence agencies to seriously consider the possibility that U.S.-developed tools could be seized and used against the U.S. state. It was also noted that Symantec was unable to find any evidence that the Buckeye hackers used tools stolen from the NSA to attack facilities located on US soil.