China has accused the US National Security Agency (NSA) of carrying out a series of cyber attacks in June 2022 targeting Northwestern Polytechnic University, an aeronautical and military research-oriented institution in the city of Xi’an.
The National Computer Virus Response Center (NCVERC) revealed its findings last week and accused the Office of Tailored Access Operations (TAO), a cyberwarfare intelligence-gathering unit of the NSA, of orchestrating thousands of attacks against entities located within the country.
“The US NSA’s TAO has conducted tens of thousands of malicious cyberattacks on China’s internal network targets, controlled tens of thousands of network devices (network servers, Internet terminals, network switches, telephone exchanges, routers, firewalls, etc.) and stole more than 140 GB of high-value data,” NCVERC said.
According to the US Department of Justice (DoJ), Northwestern Polytechnic University is a “Chinese military university that is heavily involved in military research and works closely with the People’s Liberation Army to advance its military capabilities.”
The agency further said that the Northwestern Polytechnic University attack used no fewer than 40 different cyber weapons that are designed to remove passwords, network equipment configuration, network management data, and operation and maintenance data.
It also said that TAO used two zero-day exploits for the SunOS Unix-based operating system to breach servers used at educational institutions and commercial companies to install what it called the OPEN Trojan.
The attacks are said to have been mounted via a network of proxy servers set up in Japan, South Korea, Sweden, Poland and Ukraine to relay instructions to compromised machines, with the agency noting that the NSA used an unnamed recording company to anonymize traceable information such as related domain names, certificates and registrars.
In addition to the OPEN Trojan, the attacks included the use of malware it calls “Fury Spray,” “Cunning Heretic,” “Stoic Surgeon” and “Acid Fox” that are capable of “stealth and persistent control” and of exfiltrating sensitive information.
“The behavior of the US poses a serious risk to China’s national security and the security of citizens’ personal information,” spokeswoman Mao Ning said last week.
“As the country that possesses the most powerful cyber technologies and capabilities, the US must immediately stop using its capabilities as an advantage to carry out theft and attacks against other countries, participate responsibly in the global governance of cyberspace, and play a constructive role in protecting cyber security.”
This is not the first time China has called out the US for its intelligence hacking operations. In February, Pangu Lab revealed details of a previously unknown backdoor called Bvp47 that was allegedly used by the Equation Group to attack more than 287 entities worldwide.
Then, in April, NCVERC also released a technical analysis of a malware platform called Hive that is said to be used by the US Central Intelligence Agency (CIA) to customize and adapt malicious programs to various operating systems, install backdoors, and achieve remote access.