Exclusive: US’ NSA infiltrates China’s data infrastructure in cyberattack on leading university
Published: Sep 22, 2022 08:48 AM
US launches cyberattacks targeting China's space and aviation university. Cartoon: Vitaly Podvitski

During the cyberattack against the email system of Northwestern Polytechnical University in China's Shaanxi Province, a university well known for its aviation, aerospace and navigation studies, the US' National Security Agency (NSA) was found to have constructed a "legal" channel for remote access to the core data network of some infrastructure operators, the Global Times learned from a source on Thursday. Through that channel, the US intelligence agency could infiltrate and control the country's infrastructure.

On June 22, Northwestern Polytechnical University announced that hackers from abroad were caught sending phishing emails with Trojan horse programs to teachers and students at the university in an attempt to steal their data and personal information.

A police statement released by the Beilin Public Security Bureau in Xi'an the next day said that the attack had attempted to lure teachers and students into clicking links of phishing emails with Trojan horse programs, with themes involving scientific evaluation, thesis defense and information on foreign travel, so as to obtain their email login details.

To probe the attack, China's National Computer Virus Emergency Response Center and internet security company 360 jointly formed a technical team to conduct a comprehensive technical analysis of the case.

By extracting many Trojan samples from internet terminals of Northwestern Polytechnical University, with the support of European and South Asian partners, the technical team initially identified that the cyberattack on the university was conducted by the Tailored Access Operations (TAO) (Code S32) under the Data Reconnaissance Bureau (Code S3) of the Information Department (Code S) of the US' NSA.

Targeting Northwestern Polytechnical University, TAO used 41 types of weapons to steal core technology data, including key network equipment configuration, network management data, and core operational data. The technical team discovered more than 1,100 attack links that had infiltrated the university and more than 90 operating instruction sequences, which stole multiple network device configuration files, and other types of logs and key files, the source said.

According to an analysis of the characteristics of the TAO attack, infiltration tools, and Trojan horse samples, the technical team also found that TAO had infiltrated some infrastructure operators in China, built a "legal" channel for remote access to the core data network, and attempted to control China's infrastructure.

More details about TAO's cyberattack on Northwestern Polytechnical University will be released soon, the source said.