China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks aimed at aeronautical and military research-oriented Northwestern Polytechnical University in the city of Xi’an in June 2022.
The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week, and accused the Office of Tailored Access Operations (TAO), a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA), of orchestrating thousands of attacks against the entities located within the country.
“The U.S. NSA’s TAO has carried out tens of thousands of malicious cyber attacks on China’s domestic network targets, controlled tens of thousands of network devices (network servers, Internet terminals, network switches, telephone exchanges, routers, firewalls, etc.), and stole more than 140GB of high-value data,” the NCVERC said.
According to the U.S. Department of Justice (DoJ), Northwestern Polytechnical University is a “Chinese military university that is heavily involved in military research and works closely with the People’s Liberation Army on the advancement of its military capabilities.”
The agency further said that the attack on the Northwestern Polytechnical University employed no fewer than 40 different cyber weapons that are designed to siphon passwords, network equipment configuration, network management data, and operation and maintenance data.
It also said that the TAO used two zero-day exploits for the SunOS Unix-based operating system to breach servers used in educational institutions and commercial companies to install what it called the OPEN Trojan.
The attacks are said to have been mounted via a network of proxy servers hosted in Japan, South Korea, Sweden, Poland, and Ukraine to relay the instructions to the compromised machines, with the agency noting that the NSA made use of an unnamed registrar company to anonymize the traceable information such as relevant domain names, certificates, and registrants.
Besides OPEN Trojan, the attacks entailed the use of malware it calls “Fury Spray,” “Cunning Heretics,” “Stoic Surgeon,” and “Acid Fox” that are capable of “covert and lasting control” and exfiltrating sensitive information.
“The U.S.’s behavior poses a serious danger to China’s national security and citizens’ personal information security,” spokeswoman Mao Ning said last week.
“As the country that possesses the most powerful cyber technologies and capabilities, the U.S. should immediately stop using its prowess as an advantage to conduct theft and attacks against other countries, responsibly participate in global cyberspace governance and play a constructive role in defending cyber security.”
This is not the first time China has called out the U.S. for its intelligence hacking operations. In February, Pangu Lab disclosed details of a previously unknown backdoor called Bvp47 that’s alleged to have been used by the Equation Group to strike more than 287 entities globally.
Then in April, the NCVERC also released a technical analysis of a malware platform called Hive that’s said to be employed by the U.S. Central Intelligence Agency (CIA) to customize and adapt malicious programs to different operating systems, plant backdoors, and achieve remote access.