Exclusive: China a main target of US NSA cyberattacks, with key infrastructure under threat
Published: Mar 02, 2022 03:51 PM
cyber attack Photo:VCG

The US' National Security Agency (NSA) has been launching cyberattacks against 47 countries and regions for a decade, with Chinese government departments, high-tech companies and military-related institutes among the key targets, the Global Times learned from the Internet Security Company 360 exclusively on Wednesday. 

Cybersecurity experts warned that under the surveillance of the NSA, the privacy and sensitive information of hundreds of millions of people around the world are exposed, "like running around naked." 

Experts slammed the US government and politicians behind the NSA for focusing only on political self-interests. Such invasion seriously infringes on the legitimate interests of Chinese and global citizens, they stressed. 

US NSA launches cyberattacks around the world for a decade Infographic: Deng Zijun/GT

China, key target

The NSA is an affiliate of the US Department of Defense, which specializes in electronic communications surveillance. Its main mission is to collect information from various countries, expose the communications activities of potential spies, and provide processed intelligence information to the US government.

For a long time, in order to collect intelligence, the NSA has launched large-scale network attacks around the world, with China being one of the main victims.

According to the company, it has captured a large number of complex attack programs since 2008. Through long-term analysis and field evidence from multiple victim units, combined with global threat intelligence as well as traces leading to the PRISM scandal and the "Shadow Brokers" hacker group, the company confirmed that these attacks, which targeted leading enterprises for more than 10 years, were carried out by the NSA.

"We found that NSA organized attacks on targets in China, such as the government, finance, scientific research institutes, communications operators, education, military, aerospace, medical-related industries, with high-tech companies accounting for a large proportion," a cybersecurity expert from the company told the Global Times. 

According to the FOXACID server code names described in classified NSA documents, the attacks have also been launched against 47 countries and regions around the world, including the UK, Germany, France, South Korea, Poland, Japan and Iran, covering 403 targets, the expert said.

The NSA has developed numerous operational plans to monitor global targets. The expert said that through statistical analysis of the backdoor configuration field of the NSA's exclusive Validator, the potential attack against China is estimated to be very large. "The most conservative estimate for Validator alone is that hundreds of thousands or even millions of computers have been infected by the virus."

Nowhere to hide

The Global Times learned that the company named the hacking group under the NSA APT-C-40 and found that the NSA has been launching attacks on leading companies for more than 10 years.

These attacks, which were discovered to have started in 2010, coincide with a specific network warfare plan the NSA implemented. Using diverse and covert attack techniques, the NSA launched attacks on key network management servers and terminals of a large number of enterprises.

The expert also revealed that the major tactics used in the attacks are varied and covert, including the backdoor program UnitedRake, the QUANTUM attack system, and the fake server FOXACID.

The QUANTUM attack system is the NSA's most powerful attack tool and was established in 2004. QUANTUM is capable of monitoring, intercepting and utilizing data that the NSA collected from the global network communication and internet system. 

FOXACID is a powerful vulnerability attack platform designed by the NSA which can allow operators with little experience to participate in cyberattacks. It is a powerful "large-scale invasion tool."

The security expert said that, beyond the physical battleground, cyberspace is also an important battlefield for the great powers. Once the APT organization launches attacks on a country, it can paralyze its transportation, banking, aviation, water and electricity systems. In addition, the attacks can be used to damage the country's political stability and economic lifeline.

The communications industry has long been a key target of the NSA, which has been spying on the industry and secretly collecting its personal and key data. As a result, a large number of netizens' private data, such as their identities, property, home addresses and even voice messages and recordings, are at risk of being maliciously collected, abused or transferred overseas, the expert said.

Political self-interest is the only focus for the government and politicians behind the NSA. They treat human rights as a bargaining chip in political games, and their intrusion seriously infringes on the legitimate interests of Chinese people and people around the world, the expert said.