A leading cybersecurity firm found evidence Chinese intelligence operatives repurposed National Security Agency (NSA) hacking technology in 2016 to attack American allies and private firms in Europe and Asia, according to The New York Times.

Researchers with Symantec believe the Chinese government captured the code from an NSA attack on their own systems rather than stealing it, according to the article. The hacking group that repurposed the tools has committed several attacks on U.S. targets including space, satellite and nuclear propulsion tech manufacturers, according the Times, citing a classified agency memo.

ADVERTISEMENT

Some of the same tools were also dumped online by an unidentified group calling itself the Shadow Brokers, later used by North Korean and Russian intelligence, according to the Times, although there is no apparent connection between the Chinese acquisition and Shadow Brokers’ activity.

While Symantec is not sure how the Chinese got the code, Chinese intelligence contractors have used the tools to conduct cyber warfare in Belgium, Hong Kong, Luxembourg, the Philippines and Vietnam, according to the Times, with targets ranging from schools and scientific research to the government of a U.S. ally. In one case, an operation against a telecommunications network may have led them to obtain as many as millions of private communications, according to Symantec.

Symantec’s research does not explicitly identify the Chinese government, instead referencing “the Buckeye group,” the firm’s term for a team of hackers identified by both the Justice Department and private firms as a contractor for China’s Ministry of State, according to the report. The Justice Department indicted three hackers connected to the group in 2017.

“This is the first time we’ve seen a case — that people have long referenced in theory — of a group recovering unknown vulnerabilities and exploits used against them, and then using these exploits to attack others,” Eric Chien, a security director at Symantec, told the Times.