Global EditionASIA 中文双语Français
China
Home / China / Society

Identities of cyberattackers who targeted Chinese university discovered

By CUI JIA | chinadaily.com.cn | Updated: 2023-09-14 17:58
Share
Share - WeChat
[Photo/IC]

The real identities of the people who launched the cyberattack against China's Northwestern Polytechnical University for the United States National Security Agency have been discovered, according to a report published on Thursday.

The university known for its programs in the fields of aeronautics, astronautics and marine technology engineering called the police after its internal servers were attacked in April 2022. It found that phishing emails with Trojan horse programs, which pretended to be research reviews, invitations to academic events and opportunities to study abroad, were sent to teachers and students at the university in an attempt to steal their data and personal information.

After analyzing data collected from the servers with cybersecurity company 360, many samples of malware SecondDate developed by the NSA have been extracted, the National Computer Virus Emergency Response Center said in the report. It's the latest evidence that the attack was carried out by the NSA.

"More importantly, we have discovered the real identities of those who launched the attacks against the university for the NSA," Du Zhenhua, a senior engineer of the center said. The center previously said that 13 people from the US have been found to be directly involved in such attacks.

The sophisticate malware allows the attackers to fully take control of the infected servers so they can steal information for a long period of time. Also, it can help to implant other cyberattack weapons for future attacks, Du said.

Some core technical data of the university was stolen in those cyberattacks. And the case has exposed the fact that the NSA has been carrying out cyber espionage activities in China for a long time, 360 said earlier.

According to a report of the center in Sept 2022, the Office of Tailored Access Operations affiliated to the NSA had launched thousands of attacks against the university via 41 tools and SecondDate is just one of them.

SecondDate is often used by TAO with other tools targeting loopholes in firewalls, routers and servers to carry out complicated spy missions. Also, it can be uses on different operation systems, he added.

In the latest report, the center has strongly advised government bodies, industry leaders, universities and research institutes to be on high alert at all times. Also, they need to be capable to handle cyberattacks backed by foreign governments.

Top
BACK TO THE TOP
English
Copyright 1995 - . All rights reserved. The content (including but not limited to text, photo, multimedia information, etc) published in this site belongs to China Daily Information Co (CDIC). Without written authorization from CDIC, such content shall not be republished or used in any form. Note: Browsers with 1024*768 or higher resolution are suggested for this site.
License for publishing multimedia online 0108263

Registration Number: 130349
FOLLOW US