Report unveils details of US cyberattack

An implant tool code-named "suctionchar" was used by the US National Security Agency to intercept passwords and login data during the cyberattack on the internal servers of the Northwestern Polytechnical University of China in April, according to a report published on Tuesday.

Furthermore, traces of "suctionchar" have been found in the networks of other institutes, which mean that the NSA may have carried out a large-scale cyberattack against China, according to the report published by the National Computer Virus Emergency Response Center.

The tool, which has been described by security experts as "32 or 64 bit OS, solaris sparc 8,9, Kernel level implant", mainly targets Unix and Linux platforms, is easily integrated and used with other cyberattack tools and is difficult to detect. In addition to intercepting passwords and login data, it can theoretically be used to obtain all kinds of other information, and, according to the report, it is a powerful weapon.

The implant's codes were published in the report, which added that "suctionchar" was used by the NSA's Office of Tailored Access Operations — a cyberwarfare intelligence-gathering unit — in the attack on the internal servers of the NPU, which is known for its programs in the fields of aeronautics, astronautics and marine technology engineering. The attack led to a large-scale, continuous leak of sensitive data.

According to the initial investigation, the malicious attack was just one of tens of thousands launched by TAO against targets in China in recent years, which have resulted in the leak of more than 140 gigabytes of high value data, the report added.