jian

Threat Actor updated 6 months ago (2024-05-30T23:17:29.719Z)
Jian, a cyber espionage tool used by the China-linked APT31 group (also known as Zirconium, Judgment Panda, and Red Keres), has been implicated in multiple cyber espionage operations. The tool was first brought to public attention in 2022 when it was discovered by the Check Point Research team. Notably, Jian is a clone of the NSA Equation Group's "EpMe" hacking tool and was utilized years before its online leak by the Shadow Brokers hackers.

In a recent development, 42-year-old Jian Wen, holding both United Kingdom and Chinese citizenship, was sentenced by the Southwark Crown Court in London to six years and eight months in prison. She was found guilty of laundering $10.4 million worth of cryptocurrency linked to a billion-dollar investment fraud, as reported by Bloomberg. This case marks a significant instance of legal action taken against individuals associated with cybercrime.

The use of Jian and related cyber espionage activities has sparked international controversy. Lin Jian, a Chinese Foreign Ministry spokesperson, rejected UK accusations regarding these activities as "false information," challenging the UK government to provide "objective evidence." Meanwhile, various cybersecurity experts, including Dr Chia-Mu Yu of the National Institute of Cybersecurity and Mr Jian-Lung Lin, Director of High-Tech Crime Center of the Taiwan Ministry of Interior Affairs, have spoken on the need for effective mitigation measures and safeguarding critical information infrastructure.
Description last updated: 2024-05-30T23:15:54.104Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
| Alias Description | Votes |
| --- | --- |
| APT31 is a possible alias for jian. APT31, also known as Zirconium, is a threat actor believed to be linked to the Chinese government. This group has been associated with numerous cyber attacks, including a significant exploit of CVE-2017-0005. This exploit, dubbed "Jian," was initially attributed to APT31 but upon further analysis by | 2 |
| ZIRCONIUM is a possible alias for jian. Zirconium, also known as APT31, Judgment Panda, and Red Keres, is a threat actor linked to numerous cyber espionage operations. The group came into the spotlight in 2022 when the Check Point Research team discovered that it had used a tool called "Jian," a clone of the NSA Equation Group's hacking t | 2 |
| Epme is a possible alias for jian. EpMe is a software vulnerability (CVE-2017-0005) that was first discovered within the Equation Group's exploit arsenal, with its existence traced back to at least 2013. The Equation Group, believed to be linked to the NSA, developed this exploit as part of their cyber toolset which also included Dan | 2 |
Associated Threat Actors
| Alias Description | Association Type | Votes |
| --- | --- | --- |
| The Equation Group Threat Actor is associated with jian. The Equation Group is a threat actor, believed to have ties to the United States, that has been involved in numerous cyber espionage operations. The group's favorite vulnerabilities include CVE-2017-0144, a Windows server message block code execution vulnerability that was leaked by another group kn | Unspecified | 2 |
Source Document References
Information about the jian Threat Actor was read from the documents corpus below.
| Source | Created |
| --- | --- |
| BankInfoSecurity | 6 months ago |
| Securityaffairs | 8 months ago |
| InfoSecurity-magazine | 8 months ago |
| CERT-EU | 8 months ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | a year ago |
| CERT-EU | 2 years ago |
| CERT-EU | 2 years ago |
| Securityaffairs | 2 years ago |
| CERT-EU | 2 years ago |
| CERT-EU | 2 years ago |