What Symantec research into Buckeye using Shadow Brokers Leaked tools before they where leaked actually means

Symantec posted an article on May 6th under the title (Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak) that was taken out of context in most news publications including the New York Times.

This research shows that at some point the China government got a copy of the same tools that where exposed from the NSA by the group Shadow Brokers. At this time the link is only that the tools may have been used against the China government at some point but at no point is the assertion in the Symantec article that NSA lost control of the data earlier like in The New York Times article.

The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal.

Quote from The New York Times incorrectly stating a fact when it’s not, there is no evidence of this according to Symantec.

So what did happen? Symantec found that the Buckeye cyber espionage group used the tools and had access to them around a year before the Shadow Brokers released the tools.

How Buckeye obtained Equation Group tools at least a year prior to the Shadow Brokers leak remains unknown.


To learn more about this you can listen to a section about this research over on the Risky Business podcast in ep #540 — In depth: Hamas cyber unit destroyed in air strike.