A recent investigation by the Israeli-American technology company "Check Point" concluded that an obscure group opposed to the Iranian government was most likely behind the hack of the railway system in July, and not Israel.
An investigation by a cybersecurity company has concluded that a little-known group opposed to the Iranian government was most likely behind the hack that caused chaos on the railway system.
A Chinese group known as APT31 … somehow gained access to and used a Windows-hacking tool known as EpMe created by the Equation Group … widely understood to be a part of the NSA. … The Chinese hackers then used that tool … from 2015 until March 2017, when Microsoft patched the vulnerability.
…
APT31 had access to the … privilege escalation exploit … long before the late 2016 and early 2017 Shadow Brokers leaks. … APT31's [version] appears to have been built by someone with hands-on access to the Equation Group's compiled program.
And Kieren McCarthy wonders if this illustrates
It could be that Beijing obtained a copy of Equation Group's EpMe, or observed it being used and recreated it, and used it while the hole in Microsoft's Windows remained unfixed. Or the Chinese could have found the same bug within the OS.