China has released a report which reveals that the US National Security Agency (NSA) used several cybersecurity tools in its recent attacks on a Chinese university. These include sniffing programs and Trojans, which Chinese researchers say led to the theft of a “large amount of sensitive data”.
China’s National Computer Virus Emergency Response Center (CVERC) said on Tuesday that “41 types of cyber weapons” had been exploited by the NSA’s hacking unit, Tailored Access Operations (TAO), in cyberattacks targeting Northwestern Polytechnical University in China.
Located in the Chinese city of Xi’an, the university describes itself as a research-oriented institution with disciplines in aeronautics, astronautics and marine technology engineering. It is affiliated with the Chinese Ministry of Industry and Information Technology.
The university is on the U.S. government’s Entity List alongside several other Chinese educational institutions, including Sichuan University and Beijing University of Aeronautics and Astronautics. U.S. companies are prohibited from exporting or transferring specific items to listed companies unless they have obtained a license from their government to do so.
According to a report by the state-run Xinhua news agency, CVERC revealed that among the security tools used by TAO was a sniffing program dubbed “Suctionchar”.
One of the key components that led to data theft, Suctionchar was able to steal accounts and passwords used in remote management and file transfer services on targeted servers, CVERC said in its report, which was released in conjunction with Chinese cybersecurity provider Beijing Qi’an Pangu Lab Technology.
“Suctionchar can run stealthily on target servers, monitor user input on the operating system’s console terminal program in real time, and intercept all kinds of usernames and passwords,” notes the report, adding that those credentials could then be used to breach other servers and network devices.
In its attacks on Northwestern Polytechnical University, TAO used Suctionchar along with other components of a Trojan horse program, Bvp47, which Pangu Lab called a backdoor tool developed by Equation Group, which was allegedly linked to TAO.
According to the Chinese security vendor, Bvp47 had been deployed in attacks targeting 45 global markets for more than a decade and breached 64 systems in China.
Attack tools aren’t new
One cybersecurity vendor, however, noted that the technical research detailed in the report appeared to focus on “years-old implants” that had been widely known for several years.
Speaking to ZDNET on condition of anonymity, a spokesperson for the security provider said there was consensus among Western cybersecurity experts that the attacks targeting Northwestern Polytechnical University appeared to be an espionage operation.
He noted that the Chinese university appeared to be involved in the development of modern weapons, which could make it an attractive target.
Referring to the report published by CVERC and Pangu Lab, he said the details appeared to focus on the hacking tools exposed in previous leaks from 2016, collectively known as Shadow Brokers. He added that it remains unclear what new technical evidence was released in Tuesday’s announcement, but noted that he drew his reference from information available in English.
He said cyber espionage was “nothing new” and the United States had not denied involvement in such operations.
China first disclosed the breach against Northwestern Polytechnical University early last week, with the State Council’s National Information Office publicly condemning the cyberattacks.
Chinese Foreign Ministry spokesman Mao Ning said the NSA cyberattacks and data theft involved 13 US government agency personnel. She revealed that more than 1,000 attacks were launched against the university, during which “basic technical data” was stolen.
Mao said: “Cyberspace security is a common problem facing all countries in the world. As a country that has the most powerful computer technologies and capabilities, the United States should immediately stop using its prowess as an advantage for committing robberies and attacks against other countries, [and] participate responsibly in the global governance of cyberspace and play a constructive role in the defense of cybersecurity.”
She added that the United States had “long carried out indiscriminate audio surveillance” against Chinese users, stealing text messages and performing geolocation positioning. She said the United States posed a “serious danger” to China’s national security and the safety of citizens’ personal data.