this post was submitted on 03 Feb 2026
174 points (100.0% liked)

[–] fort_burp@feddit.nl 6 points 1 day ago (1 children)

On Monday, the security firm Check Point revealed that it had discovered evidence that a Chinese group known as APT31, also known as Zirconium or Judgment Panda, had somehow gained access to and used a Windows-hacking tool known as EpMe created by the Equation Group, a security industry name for the highly sophisticated hackers widely understood to be a part of the NSA. According to Check Point, the Chinese group in 2014 built their own hacking tool from EpMe code that dated back to 2013. The Chinese hackers then used that tool, which Check Point has named "Jian" or "double-edged sword," from 2015 until March 2017, when Microsoft patched the vulnerability it attacked. That would mean APT31 had access to the tool, a "privilege escalation" exploit that would allow a hacker who already had a foothold in a victim network to gain deeper access, long before the late 2016 and early 2017 Shadow Brokers leaks.

Only in early 2017 did Lockheed Martin discover China’s use of the hacking technique. Because Lockheed has largely US customers, Check Point speculates that the hijacked hacking tool may have been used against Americans. "We found conclusive evidence that one of the exploits that the Shadow Brokers leaked had somehow already gotten into the hands of Chinese actors," says Check Point's head of cyber research Yaniv Balmas. "And it not only got into their hands, but they repurposed it and used it, likely against US targets."

A source familiar with Lockheed Martin's cybersecurity research and reporting confirms to WIRED that the company found the Chinese hacking tool being used in a US private sector network—not its own or part of its supply chain—that was not part of the US defense industrial base, but declined to share more details.

[–] Liketearsinrain@lemmy.ml 4 points 1 day ago (1 children)

Always take these reports with a sea of salt; the events that led to those tools being leaked are muddy at best. I don't remember the details well, but WSJ accused Kaspersky of exfiltrating tools off an NSA analyst's computer, they investigated and he had infected the machine previously with pirated office software.

Incredible competence on display.

https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/

[–] fort_burp@feddit.nl 2 points 1 day ago

> pirated office software

Imagine being able to print your own money (well, your employer having that ability) and still pirating Microsoft products.