Cyberattack probe suggests a US source

The Office of Tailored Access Operations, or TAO, the cyber warfare intelligence agency under the US National Security Agency, is the source of a cyberattack on the email system of Northwestern Polytechnical University in Xi'an, Shaanxi province, according to preliminary investigative conclusion released on Monday.

The report was released by China's National Computer Virus Emergency Response Center and Chinese security software giant Qihoo 360. The two jointly formed a technical team and analyzed the case.

According to the report, the team collected some Trojan samples from the university's information system and several terminals that have access to the internet.

Through existing data resources and analysis at home, and with the support of partners from some countries in Europe and South Asia, the team has restored the overall picture of the technical characteristics of the cyberweapon, path and source of the attack, the report said, delivering a preliminarily judgment that the attack originated with the TAO of the NSA.

On June 22, the university announced that there had been a cyberattack launched from overseas. Later, the police in Xi'an's Beilin district said in a statement that Trojan horse samples originating from abroad were discovered in the university's information network and that an investigation had begun.

Phishing emails containing Trojan horse programs were disguised as research reviews, invitations to academic events and opportunities to study abroad, the Beilin police said.

The emails attempted to trick students and teachers at the university, known for its education and research programs in aeronautics, astronautics and marine technology engineering, into clicking on links and giving away their sign-in information, which would result in potential data leaks.

Cui Jia contributed to this story.