Mon | Sep 12, 2022 | 4:15 PM PDT

China's National Computer Virus Emergency Response Center (CVERC) recently made a statement accusing the United States National Security Agency (NSA) of repeatedly hacking the Northwestern Polytechnical University, a key public military research university located in Xi'an, China.

The CVERC says that on June 22, 2022, the school suffered an "overseas cyberattack" and confirmed that there was a number of Trojan samples on the university's network.

After extracting some of the samples and investigating the situation, China believes that the "overview, technical characteristics, attack weapons, attack paths and attack sources of the relevant attack events" originated from the NSA's Office of Tailored Access Operations (TAO).

TAO is a tactical implementation unit of the U.S. government that specializes in conducting large-scale cyber attacks on other countries. It has more than 2,000 military and civilian personnel.

The statement from CVERC makes several claims about NSA hacking activities:

"This investigation found that in recent years, TAO, a subordinate of the US NSA, has carried out tens of thousands of malicious network attacks on network targets in China, and controlled tens of thousands of network devices (network servers, Internet terminals, network switches, telephone switches) , routers, firewalls, etc.), stealing over 140GB of high-value data. 

TAO continues to expand the scope and scope of cyber attacks by leveraging its cyber attack weapon platform, 'zero-day vulnerabilities' (0days) and the network devices it controls, etc. After technical analysis and source tracing, the technical team has now clarified the network attack infrastructure, special weapons and equipment, and techniques and tactics used in the TAO attack activities, restored the attack process and stolen documents, and mastered the information of the US NSA and its subordinate TAO on China.

Evidence related to cyber attacks and data theft on the Internet, involving 13 people who directly launched cyber attacks against China in the United States, as well as more than 60 contracts signed by the NSA with U.S. telecom operators to build a cyber attack environment through cover companies. More than 170 documents."

In the analysis of the attack events, CVERC says TAO used 41 different cyberattack weapons specific to the NSA. According to the report, the purpose of the attacks was to steal key network equipment configuration, network management data, operation and maintenance data, and other core technologies data.

It also says that TAO penetrated more than 1,100 attack links and operated over 90 instruction sequences inside the university. CVERC's technical team that investigated the incident divided the tools that TAO used into four categories:

  1. Vulnerability attack breakthrough weapons - "TAO relies on such weapons to carry out attack breakthroughs on Northwestern Polytechnical University's border network equipment, gateway servers, and office intranet hosts. It is also used to attack and control overseas springboards to build an anonymous network as a cover for action."

  2. Persistent control weapons - "TAO relies on such weapons to covertly and persistently control the Northwestern Polytechnical University network. The TAO action team can send control commands through encrypted channels to operate such weapons to infiltrate, control, and steal the Northwestern Polytechnical University network."

  3. Sniffing secret weapons - "TAO relies on such weapons to sniff the account passwords and command line operation records used by Northwestern Polytechnical University staff to operate and maintain the network, and steal sensitive information and operation and maintenance data within the Northwestern Polytechnical University network."

  4. Concealed weapons - "TAO relies on such weapons to eliminate traces of its behavior within the Northwestern Polytechnical University network, hide and cover up its malicious operations and stealing behaviors, and at the same time provide protection for the above three types of weapons."

The CVERC claims this report "reveals the truth" that the NSA has been conducting cyber espionage activities against Northwestern Polytechnical University for a very long time.

Mao Ning, a spokesperson for China's Ministry of Foreign Affairs, discussed the incident at a recent press conference:

"The US's behavior pose a serious danger to China's national security and citizens' personal information security. China strongly condemns this and asks the US side to offer an explanation and immediately stop its unlawful moves. 

I want to stress that security of the cyber space is a common issue facing all countries in the world. As the country that possesses the most powerful cyber technologies and capabilities, the US should immediately stop using its prowess as an advantage to conduct theft and attacks against other countries, responsibly participate in global cyber space governance and play a constructive role in defending cyber security."

For more information on the hacking incident, read the report from China's CVERC.