Buckeye group used Equation Group tools pre-Shadow Brokers
Symantec Threat Intelligence: Buckeye attack group used Equation Group tools pre-Shadow Brokers leak
Today, Symantec released new research revealing the Buckeye (aka APT3 and Gothic Panda) attack group was using Equation Group tools to gain persistent access to target organisations at least a year prior to the Shadow Brokers leak. The variants of the Equation Group tools used by Buckeye appear to be newer and modified compared to those released by Shadow Brokers.
This marks the first time Symantec has seen a case—long referenced in theory—of an attack group recovering otherwise unknown exploits and tools used against them to subsequently attack others.
Of note, Buckeye’s use of Equation Group tools also involved the exploitation of a previously unknown Windows zero-day vulnerability that Symantec discovered (which has since been patched by Microsoft).
While Buckeye appeared to cease operations in mid-2017 and three alleged members of the group were indicted by the U.S. Department of Justice in November 2017, the Equation Group tools associated with Buckeye specifically continued to be used in attacks until late 2018.
Symantec’s full research can be found here.

