
China claims it captured NSA’s ‘global internet control’ spy tool

National Security Agency (NSA/Released)
March 15, 2022

A Chinese state-run publication reported on Monday that the Chinese government has captured surveillance tools developed by the U.S. National Security Agency (NSA).

On Monday, The Global Times — a tabloid published by the ruling Chinese Communist Party — claimed it received an exclusive report from China’s National Computer Virus Emergency Response Center, describing its capture of an NSA-developed Trojan virus known as “NOPEN.” The Chinese outlet claimed the NSA hacking tool was “found to have controlled global internet equipment and stole large amounts of users’ information.”

The “NOPEN” virus software is able to target Unix/Linux systems, allowing hackers to remotely access targeted systems. From there, a hacker may use the software to steal files, access systems, redirect network activity or view a target’s communications. “NOPEN” is reportedly known both for its comprehensive control abilities and for its ability to be concealed within targeted systems.

While the Chinese outlet emphasized the exclusivity of its new reporting, the software was actually leaked about six years ago.

“NOPEN” was among several hacking tools contained in leaks published by a hacker group known as the Shadow Brokers in the summer of 2016. The Shadow Brokers published hacking tools purportedly belonging to another hacking group known as the Equation Group. The Equation Group has been suspected of being connected to an NSA cyber-warfare and intelligence outfit, called the Tailored Access Operations unit.

Global Times’ new reporting that the Chinese government obtained the “NOPEN” hacking tool is not the first time China has been suspected of copying NSA hacking tools. More than a year prior, the cybersecurity firm Check Point Research published a report alleging the Chinese government had obtained another Equation Group hacking tool known as “EpMe” and replicated it for its own use. The report alleged a suspected Chinese hacking group used an “EpMe” replica known as “Jian” against a U.S. target as early as 2013, three years before the Shadow Brokers published the first set of Equation Group hacking tools.

Global Times said the NSA used “NOPEN” against a large number of internet devices around the world, stealing user data and inflicting “inestimable losses.” The Chinese publication further said “the leakage and proliferation of these cyber weapons further aggravate the increasingly severe network security situation” and “seriously endanger the overall security of the cyberspace, turning military confrontation in cyberspace into a ‘zero-sum’ game.”

Last week, the Chinese publication claimed the NSA has been conducting cyberattacks against 47 countries and regions for decades.

China has been involved in its own campaign of cyber hacks against the U.S. for years. Last year, the FBI accused China of targeting Microsoft Exchange with an exploit that could have jeopardized up to 250,000 servers. The U.S. has also accused China of attempting to steal U.S. COVID-19 vaccine research.