China Daily

Published: 15:59, September 05, 2022 | Updated: 17:30, September 05, 2022
Cyberattack on Xi'an university traced to NSA in US
By Cui Jia

This file photo dated Feb 14, 2018 shows the headquarters of the National Security Agency in Fort Meade, Maryland. (SAUL LOEB / AFP)

The National Security Agency of the United States is responsible for the cyberattack on the e-mail system of Northwestern Polytechnical University in Xi'an, Shaanxi province, China's National Computer Virus Emergency Response Center reported on Monday, following the conclusion of the initial investigation.

The investigation showed that the case is just one of tens of thousands of cyberattacks launched by the NSA's Office of Tailored Access Operation — a cyberwarfare intelligence-gathering unit — on targets in China in recent years. The malicious attacks have resulted in the leak of more than 140GB of high-value data, the center said.

On June 22, the university announced that it had found phishing emails in the guise of research reviews, invitations to academic events and opportunities to study abroad that contained Trojan horse programs, which were sent to teachers and students at the university in an attempt to steal their data and personal information.

The emails tried to trick students and teachers at the university — known for its education and research programs in the fields of aeronautics, astronautics and marine technology engineering — into clicking on links and giving away their sign-in information, which could result in potential data leaks.

During the attack targeting the university's computer network, more than 40 different cyberattack weapons were used to steal core technology data, including key network equipment configurations, network management data, and core operational data. The university said in June that the attack had not led to any key data leaks so far.

By extracting samples of Trojan horse programs from the university's internet terminals with the support of European and South Asian partners, the technical team was able to initially identify that the cyberattack had been conducted by TAO (Code S32) under the Data Reconnaissance Bureau (Code S3) of the Information Department (Code S) of the NSA, it added.

The cyberattack operation was code-named "shotXXXX" by the NSA under the direct command of the head of TAO. At the time of the attack, Robert Joyce, who is the Director of Cybersecurity at NSA, was in charge of TAO, according to the investigation jointly launched by the center and internet security company 360.

Thirteen people from the US have been found to be directly involved in the attack, and 170 electronic documents and 60 contracts between the NSA and American telecom operators were arranged through a cover company to create an environment for cyberattacks. In addition, 54 jumpers and proxy servers in 17 countries were used in the attack, about 70 percent of which were based in countries near China, including Japan and South Korea, the center said.

It added that the case has exposed the fact that the NSA has been carrying out cyber espionage activities in China for a long period of time. More details about the case will be published in the future.

