A security firm, Check point has uncovered evidence that a Chinese group of hackers called APT31 was successful in gaining access to a Windows hacking tool, EpMe. The tool was developed and was under utilization by a group of hackers associated with the National Security Agency (NSA).
According to Check Point, a Chinese group was successful in building their own hacking tool from EpMe code in 2015. The Chinese hackers then used that tool, which Check Point terms as “Jian” or “double-edged sword,” from 2015 until March 2017, when the Windows vulnerability (CVE-2017-0005) it was exploiting was patched by Microsoft.
“Jian was reported to Microsoft by Lockheed Martin’s Computer Incident Response Team, hinting at a possible attack against an American target.”, said a blog post by Check point.