Posted on July 27, 2023 at 6:57 AM

Earthquake Monitoring Centre In Central China’s Wuhan Targeted By A Cyberattack

The Wuhan Earthquake Monitoring Center was recently targeted by a cyberattack that was launched by an overseas hacker. According to local reports, this hacking campaign was caused by state-sponsored hackers.

Wuhan earthquake monitoring center targeted by a hack

According to local state media Global Times, the Wuhan Municipal Emergency Management Bureau said that part of the network equipment at the front-end station collection points within the Wuhan Earthquake Monitoring Centre was targeted by a hacking attack. The report said that preliminary investigations indicated the attacks came from the US.

The center has taken the affected equipment offline and reported the breach to public security organizations to investigate the matter. According to the Wuhan public security bureau Jianghan sub-bureau, the trojan horse program could gain control over user data to steal it. As such, the threat was a danger to national security.

According to Global Times, this breach marked the second major attack targeting China in the past year. The report mentioned the hacking attack on Northwestern Polytechnical University (NWPU) based in Xi’an. The university was hacked by an overseas hacker group in June last year.

The attack on the university prompted NWPU, CVERC, and other relevant bodies to create a technical team that could conduct a comprehensive technical analysis on the matter. The formed team discovered that the hacking campaign was done by the Tailored Access Operations (TAO) division under the US National Security Agency (NSA).

The same team is gathering evidence from the Wuhan earthquake monitoring center to shed more light on the campaign. The preliminary investigations have said that the hackers deployed a Trojan horse program known as “validator.” According to state media, this program was detected to operate within several departments’ information systems while sending this information to the NSA.

The local reports have also said that the findings indicate that this Trojan horse program has been deployed in critical information infrastructure in China and other countries. The number of similar programs that have been deployed in other countries is allegedly more than the ones deployed in China.

According to Global Times, the hackers behind the breach appear to have accessed the seismic intensity data, which determines the intensity and the magnitude of an earthquake. Seismic intensity data is vital to national security as it is used in military defense facilities.

One of the experts on the matter said that “By obtaining relevant data from seismic monitoring centers, hackers can deduce the underground structure and lithology of a certain area. For example, it can be inferred whether there is a large underground cavity, and thus whether it might be a military base or command post.

However, some experts have refuted these claims. These experts have said that there were slim chances of the US being behind the attack because of the nature of the target. Experts believe that the breach might have been conducted by a hacker group that supports Taiwan amid growing tensions with China.

Escalating tensions between China and the US

The US has yet to issue a statement on the claims made by Chinese state media about the exploit of the earthquake monitoring center. However, these accusations are not surprising, given the growing tensions between the two countries.

Recently, Microsoft suffered a major hacking attack that resulted in the compromise of some officials at the State Department. This hacking attack had a broad reach, as it is believed to have affected at least 25 organizations.

Microsoft published its findings on the hacking attack, saying that a Chinese espionage group was behind the attack. However, China refuted these claims and denied being involved in the exploitation of the tech giant.

In May 2023, the cybersecurity agencies of countries such as Australia, Canada, New Zealand, the UK, and the US issued a warning about the growing threat posed by the Chinese threat actors. These hackers were believed to be targeting critical national infrastructure networks across the United States.

The Chinese government has often refuted these claims. China has previously also expressed concerns about the growing threat posed by the US to China’s cyber activity. China imposed a ban on the products sold by a US chipmaker company known as Micron, with the country attributing the decision to cybersecurity concerns.

The accusations come despite the two countries seemingly working on reducing tensions. The US Secretary of State, Anthony Blinken, recently visited China, with the visit being followed by that of the US Treasury Secretary, Janet Yellen.