A group called Shadow Brokers released a series of hacking tools in 2017, which caused serious security breaches around the world, including the famous WannaCry attacks. The Shadow Brokers claimed at the time that the tools had been stolen from the US National Security Agency (NSA), but it was never established how they had been able to access them.
Now, a report from US cyber security company Symantec has revealed that the sources may have been Chinese intelligence agents, who seized the tools while the NSA attacked their computers. Symantec found that the Buckeye group, which works for the Chinese Security Ministry, had used these tools about a year before the Shadow Brokers episode.
According to The New York Times, Buckeye is one of the most dangerous Chinese groups. In addition to attacks on US space, satellite and nuclear-powered manufacturers, Symantec believes the group used the tools seized from the NSA against research and education institutions in countries such as Belgium, Luxembourg, Vietnam and Hong Kong.
If it is confirmed that Buckeye was in fact the source of the Shadow Brokers' leak, then it will also be indirectly responsible for the WannaCry attacks carried out by North Korean and Russian hackers using the same tools. These ransomware attacks paralyzed the UK's National Health Service and crippled critical Ukrainian services such as post offices, airports and ATMs.
Eric Chien, director of security at Symantec, told The New York Times that US security services should, when carrying out cyber attacks, allow for the possibility that their enemies capture and redirect the tools developed by the United States. For Eric Chien, this is even the first case "where we see a group recover resources used against them and manage to use them to attack others."