Posted on September 13, 2022 at 8:17 AM
The Chinese government has released a report claiming that the US National Security Agency (NSA) utilized several cybersecurity tools to launch attacks on a Chinese university. According to the report, one of the tools is a Trojan program which resulted in the theft of a “large amount of sensitive data.” The report came from China’s National Computer Virus Emergency Response Center (NCVERC).
Over 140GB Of Data Stolen In The Attacks
The researchers claimed that the NSA hacking unit, Tailored Access Operations (TAO), tapped “41 types of cyber weapons” in the attack that targeted China’s Northwestern Polytechnical University.
The university describes itself as a research-oriented institution with disciplines in astronautics, aeronautics, and marine technology engineering. It is an affiliate of China’s Ministry of Industry and Information Technology.
NCVERC said the NSA’s TAO has carried out thousands of cyber attacks on China’s domestic network and has impacted tens of thousands of devices. These include routers, telephone exchanges, network switches, network servers, internet terminals, and firewalls.
According to the researchers, TAO has stolen more than 140 GB of high-value data from the various attacks it has carried out on Chinese soil.
The US Department of Justice (DoJ) said the Northwestern Polytechnical University is heavily involved in activities and military research tied to the People’s Liberation Army to advance Chinese military strength. The department noted that the university is a Chinese military university and is seen as a center for a series of planned cyberattacks.
NCVERC Said TAO Used Two Zero Days
The Chinese research agency also stated that TAO used two zero-day exploits for the SunOS Unix-based operating system to compromise servers used in commercial firms and educational organizations. The TAO group used this method to install OPEN Trojan and steal critical data from the targeted servers.
The report also claimed that the attack was planned through a network of proxy servers hosted in Poland, Sweden, Ukraine, South Korea, and Japan.
They used these bases to pass information across to the breached machines. The agency also stated that the NSA used an unnamed registrar company to ensure that the information was not traceable: the details of registrants, certificates, and domain names were kept hidden so that TAO could maintain its activities on the breached networks.
Apart from using OPEN Trojan, the attackers also utilized a type of malware known as “Fury Spray”, also called “Acid Fox,” “Stoic Surgeon,” and “Cunning Heretics.” This malware is capable of exfiltrating sensitive information while concealing its operations to stay longer in the compromised networks.
China Says US Agency’s Action Poses A Great Danger To Chinese Security
The spokeswoman of NCVERC, Mao Ning, said the behavior of the US agency poses a great danger to China’s national security as well as citizens’ information security.
She added that the US should stop using its strength as the country with the most powerful cyber technologies and capabilities in the world to launch attacks on other countries. Instead, the US should play a constructive role in defending cybersecurity and participating in global cyberspace governance.
Ning said this is not the first time the country has called out the US for its cyber espionage. Earlier in February, Pangu Lab provided details of Bvp47, a previously known backdoor that was allegedly used by the Equation Group to hit more than 287 entities worldwide.
The US Agency Combined Different Programs For The Attacks
NCVERC revealed that a sniffing program called “Suctionchar” is one of the programs TAO used to launch attacks on the university. The report noted that Suctionchar was used to successfully steal passwords for file transfer and remote management services on targeted devices. The sniffing program was also used together with the Bvp47 Trojan program to achieve the results TAO had planned.
Two months later, NCVERC released a technical analysis of a malware known as Hive. According to the report, the malware was allegedly deployed by the US Central Intelligence Agency (CIA) to adapt malware programs to different operating systems. The agency also used the malware to plant backdoors and gain remote access to targeted networks. In reply to the accusations, the US agency stated that the university in question has been used by Chinese military intelligence to carry out its operations. However, it did not state whether the accusation from the Chinese agency was true.