23 Sep 2022 4:42 p.m
China accuses the United States of having an NSA hacking team attack a research facility close to the Chinese military. At times, the American hackers are said to have had control over the Chinese telecommunications networks and other infrastructure facilities.
China has accused the American foreign intelligence agency NSA of carrying out a series of cyberattacks on Northwestern Polytechnical University in the city of Xi’an in June 2022. This university is focused on aeronautics and military research. In early September, the Chinese National Computer Virus Emergency Response Center (NCVERC) announced that the Office of Tailored Access Operations (TAO) – a cyber warfare division of the NSA – had orchestrated thousands of attacks on Chinese facilities. The NCVERC is a non-governmental cybersecurity technical center and the main coordinating body for China’s cybersecurity response.
“NSA’s TAO has conducted tens of thousands of malicious cyberattacks on China’s domestic network targets, controlled tens of thousands of network devices (network servers, Internet terminals, network switches, switchboards, routers, firewalls, etc.) and stole more than 140GB of high-value data,” says the NCVERC statement. According to the information, about 40 different cyber weapons were used in the attack on Northwestern Polytechnical University in order to siphon off passwords, the configuration of network devices, network management data and operational and maintenance data.
In order to gain access to the servers of the military educational institution and of any associated companies, and at the same time to be able to install a so-called OPEN Trojan, the TAO used two so-called zero-day exploits, i.e. newly discovered security gaps in the Unix-based operating system SunOS. The report also mentions the use of Bvp47, a Linux backdoor. This had already been used in previous hacking missions by the so-called Equation Group, a hacking group said to be close to the NSA.
According to the NCVERC, the implemented OPEN Trojan was SuctionChar – a malware that can steal accounts and passwords by using remote management to make file transfers to targeted servers. It serves as a key backdoor tool also developed by the Equation Group. “SuctionChar can be run stealthily on target servers that monitor user input in the operating system console’s terminal program in real time and intercept all types of usernames and passwords,” the Chinese report said. The NCVERC also writes that the stolen credentials were used to break into other servers and network devices.
In addition to the OPEN Trojan, the malicious programs “Fury Spray”, “Cunning Heretics”, “Stoic Surgeon” and “Acid Fox” were used in the attacks. These are able to exercise “covert and permanent control” and extract sensitive information. The hackers’ commands are said to have been forwarded to the compromised computers in China via a network of proxy servers in Japan, South Korea, Sweden, Poland and Ukraine. The American foreign intelligence service acted very carefully: the NSA used an unnamed registry company to anonymize traceable information such as the relevant domain names, certificates and registrants, the report goes on to say.
But why did the NSA go to such lengths to get hold of university data? According to the U.S. Department of Justice, Northwestern Polytechnical University is a “Chinese military university heavily engaged in military research and working closely with the People’s Liberation Army in the advancement of its military capabilities.” From a US perspective, it would therefore be a reasonable target for digital infiltration.
Washington’s choice of the TAO — an elite team of NSA hackers specializing in stealth intrusion — to do the job suggests that the US was less interested in the research itself in its cyberattack. According to previous reports, TAO has frequently assisted the US government in breaking into networks around the world to gather information and data.
According to Chinese information, the current incident happened back in July. It came to public attention after Northwestern Polytechnical University itself announced that it had caught overseas hackers sending phishing emails containing Trojan horse programs to college faculty and students in order to steal their data and personal information.
A police statement released the next day by the Beilin Public Security Bureau in Xi’an said the attack was an attempt to trick teachers and students into clicking links in phishing emails containing Trojan horse programs. These e-mails were about “scientific evaluations, the defense of theses and information about trips abroad in order to get their e-mail registration data.” Later, the NCVERC experts involved in the investigation found that the NSA had secretly set up remote access to the core data network of some Chinese infrastructure operators during its attack on the university’s email system. In this way, the US intelligence service even gained control of the country’s infrastructure at times, the Chinese state-run newspaper Global Times reported on Thursday, citing an unnamed source.
“US behavior poses a serious threat to China’s national security and the security of its citizens’ personal information,” Mao Ning, spokeswoman for China’s foreign ministry, said at a news conference last week.
“As the country possessing the most powerful cyber technologies and capabilities, the US should immediately stop using its strength as an advantage to carry out thefts and attacks against other countries. It should responsibly engage in global cyberspace governance and play a constructive role in defending cybersecurity.”
Cyber attacks conducted by the NSA appear to have been ongoing for more than 10 years, with 45 nations and regions around the world now targeted by these cyber espionage and surveillance campaigns. Computer systems in countries friendly to the United States are said to have been among the targets. According to reports from the Chinese news agency Xinhua, the hacker unit TAO had previously targeted 32 systems in Japan, 30 in South Korea and 16 in Germany. Sweden, Poland and Ukraine were also badly hit.
For several years, China has accused the United States of cyber attacks without being specific. In recent weeks, however, Beijing has increasingly blamed certain attacks on the US, increasing cyber tensions between the two countries. On September 18, the allegations against the NSA were escalated to a diplomatic complaint. Yang Tao, director-general of American affairs at China’s Foreign Ministry, released a statement. In it, he confirmed the NCVERC report and claimed that the NSA had “seriously violated the technical secrets of relevant Chinese institutions and seriously compromised the security of China’s critical infrastructure, institutions and personal data. It must be stopped immediately.”
However, China does not have a clean record when it comes to cyber espionage either. Since 2020, the US has accused Beijing of digital infiltration of American telephone networks, state government agencies, American journalists’ private accounts, and numerous other targets. The United States has not yet issued a public statement on the current allegations.