hackingbear shares a report from Gizmodo: China claims America’s National Security Agency used sophisticated cyber tools to hack into an elite research university on Chinese soil. The attack is believed to have targeted Northwestern Polytechnic University in Xi’an (not to be confused with the California school of the same name), which ranks high in the World University Index for its science and engineering programs. The U.S. Department of Justice called the school “a Chinese military university that is heavily involved in military research and works closely with the People’s Liberation Army,” describing it as a reasonable target for digital infiltration from the U.S. perspective.
China’s National Computer Virus Emergency Response Center (CVERC) recently released a report attributing the hack to the Tailored Access Operations Group (TAO), an elite NSA hacking team that first came to light through Snowden’s leaks back in 2013 and that has helped the US infiltrate government networks around the world to gather intelligence and data. [CVERC identified 41 TAO tools involved in the case.] One such tool, dubbed “Suctionchar,” is said to have helped infiltrate the school’s network by stealing account credentials from remote management and file transfer programs in order to hijack logins on targeted servers. The report also mentions the use of Bvp47, a Linux backdoor used in previous hacking missions by the Equation Group, another elite NSA hacking team. According to CVERC, traces of Suctionchar have been found on many other Chinese networks besides Northwestern’s, and the agency has accused the NSA of carrying out more than 10,000 cyberattacks on China over the past few years.
On Sunday, the allegations against the NSA escalated into a diplomatic complaint. Yang Tao, Director-General of America Affairs at China’s Ministry of Foreign Affairs, issued a statement confirming the CVERC report and claiming that the NSA “seriously breached the technical secrets of relevant Chinese agencies and seriously compromised the security of China’s critical infrastructure, institutions and personal information, and must be stopped immediately.”