Identities of cyberattackers who targeted Chinese university discovered


The real identities of the people who launched the cyberattack against China's Northwestern Polytechnical University for the United States National Security Agency have been discovered, according to a report published on Thursday.
The university, known for its programs in the fields of aeronautics, astronautics and marine technology engineering, called the police after its internal servers were attacked in April 2022. It found that phishing emails with Trojan horse programs, which pretended to be research reviews, invitations to academic events and opportunities to study abroad, were sent to teachers and students at the university in an attempt to steal their data and personal information.
After analyzing data collected from the servers with cybersecurity company 360, many samples of the SecondDate malware developed by the NSA have been extracted, the National Computer Virus Emergency Response Center said in the report. It's the latest evidence that the attack was carried out by the NSA.
"More importantly, we have discovered the real identities of those who launched the attacks against the university for the NSA," Du Zhenhua, a senior engineer of the center, said. The center previously said that 13 people from the US have been found to be directly involved in such attacks.
The sophisticated malware allows the attackers to fully take control of the infected servers so they can steal information for a long period of time. Also, it can help to implant other cyberattack weapons for future attacks, Du said.
Some core technical data of the university was stolen in those cyberattacks. And the case has exposed the fact that the NSA has been carrying out cyber espionage activities in China for a long time, 360 said earlier.
According to a report of the center in Sept 2022, the Office of Tailored Access Operations affiliated to the NSA had launched thousands of attacks against the university via 41 tools and SecondDate is just one of them.
SecondDate is often used by TAO with other tools targeting loopholes in firewalls, routers and servers to carry out complicated spy missions. Also, it can be used on different operating systems, he added.
In the latest report, the center has strongly advised government bodies, industry leaders, universities and research institutes to be on high alert at all times. Also, they need to be capable of handling cyberattacks backed by foreign governments.