China’s intelligence agents are using malware and hacking technologies stolen from the National Security Agency (NSA) to launch cyberattacks on United States allies worldwide, as well as private companies.

American cybersecurity and software firm Symantec Corporation said the Chinese co-opted NSA hacking technology in 2016 to attack American allies and private firms in Europe and Asia. Symantec believes the Chinese obtained the code from an NSA attack on their own systems, the New York Times reported. 

It believes the Chinese did not steal the tools directly from the NSA but discovered an NSA attack on their own computers, captured the code, and then modified it to serve their ends.

The “Buckeye group,” the Symantec's term for the Chinese hacking group that stole and modified the NSA hacking tools, has launched several attacks on U.S. targets. Among those hit were space, satellite and nuclear propulsion tech manufacturers.

The Buckeye group has been identified by both the U.S. Department of Justice (DoJ) and security firms as a contractor for the Ministry of State Security (MSS), China’s intelligence and security agency responsible for counter-intelligence, foreign intelligence and political security. DoJ indicted three hackers connected to the Buckeye group in 2017.

Contractors working for MSS used the tools to conduct cyber warfare in Belgium, Hong Kong, Luxembourg, the Philippines and Vietnam. They attacked schools and scientific research facilities operated by U.S. allies. Symantec said an operation against a foreign telecommunications network allowed China to obtain millions of private communications.

“This is the first time we’ve seen a case -- that people have long referenced in theory -- of a group recovering unknown vulnerabilities and exploits used against them, and then using these exploits to attack others,” said Eric Chien, a security director at Symantec.

National Security Agency (NSA) headquarters The National Security Agency (NSA) headquarters at Fort Meade, Maryland, as seen from the air, January 29, 2010. Photo: SAUL LOEB/AFP/Getty Images

The Buckeye group is said to be the most dangerous Chinese hacker organization tracked by the NSA. 

Symantec said some of the same tools were also dumped online by a group calling itself the Shadow Brokers. These tools were later used by North Korean and Russian intelligence.