Cyber: Beijing claims the NSA attacked a Chinese university


China has released a report that reveals the US National Security Agency (NSA) used multiple cybersecurity tools in its recent attacks on a Chinese university. Among these are sniffing programs and Trojans, which Chinese researchers say led to the theft of a “large amount of sensitive data”.

University is on Washington’s blacklist

China’s National Computer Virus Emergency Response Center (CVERC) said on Tuesday that “41 types of cyberweapons” were used by the NSA’s hacking unit, Tailored Access Operations (TAO), in cyber attacks targeting Northwestern China Polytechnic University.

Located in the Chinese city of Xi’an, the university describes itself as a research-oriented institution specializing in aeronautical, astronautical and maritime engineering. This university is affiliated with the Chinese Ministry of Industry and Information Technology.

The university is blacklisted by the US government, along with several other Chinese educational institutions, including Sichuan University and Beijing University of Aeronautics and Astronautics. U.S. companies are prohibited from exporting or transferring specific products to companies on the list unless they have obtained a license from their government to do so.

Suctionchar

According to a report by China’s state-run Xinhua news agency, China’s National Computer Virus Emergency Response Center revealed that among the security tools used by the TAO unit was a sniffing program, which it christened “Suctionchar”.

Suctionchar, one of the key elements that led to the data theft, was able to steal accounts and passwords used in remote management and file transfer services on the targeted servers, the center says in its report, which was released in conjunction with Chinese cybersecurity provider Beijing Qi’an Pangu Laboratory Technology.

“Suctionchar can run stealthily on target servers, monitor user input in the operating system’s console terminal program in real time, and intercept all kinds of usernames and passwords,” says the report, which clarifies that these credentials can then be used to break into other servers and network devices.

Trojan horse and backdoor

In its attacks on the university, the TAO unit used Suctionchar along with other components of a Trojan horse, Bvp47, which Pangu Lab characterized as a backdoor tool developed by Equation Group, a group said to be linked to the NSA unit.

According to the Chinese security vendor, Bvp47 has been deployed in attacks targeting 45 global markets for more than 10 years, and penetrated 64 systems in China.

Attack tools are not new

A cybersecurity vendor, however, noted that the technical research detailed in the report seemed to focus on old techniques, which had been widely known for several years.

Speaking to ZDNET on condition of anonymity, a spokesperson for the security provider says Western cybersecurity experts agree that the attacks targeting Northwestern Polytechnic University appear to be a spy operation. He notes that the Chinese university appears to be involved in the development of modern weapons, which could make it an attractive target.

Referring to the report published by China’s National Computer Virus Emergency Response Center and Pangu Labs, he said the details appear to focus on the hacking tools used in the previous leaks, which were discovered in 2016 and are collectively known as Shadow Brokers. He added that it is still not clear what new technical evidence was leaked in Tuesday’s announcement.

He believes that cyber espionage is “not new” and that the United States has not denied its involvement in such operations.

China condemns attacks

China first exposed the Northwestern Polytechnic University data breach early last week, with the National State Council Information Office publicly condemning the cyberattacks.

Chinese Foreign Ministry spokeswoman Mao Ning said the NSA cyberattacks and data theft involved 13 people from the US government agency. She said more than 1,000 attacks have been launched against the university, in which “essential technical data” has been stolen.

“Cyberspace security is a common problem for all countries in the world. As the country with the most powerful cyber technologies and capabilities, the United States should immediately stop using its prowess as an advantage to carry out robberies and attacks against other countries, participate responsibly in the global governance of cyberspace and play a constructive role in the defense of cybersecurity,” said the Minister.

According to her, the United States has “long carried out indiscriminate audio surveillance” against Chinese users, stealing text messages and performing location-based positioning. She believes that the United States represents a “serious danger” to China’s national security and the security of citizens’ personal data.

Source: ZDNet.com




