Exclusive: Wuhan Earthquake Monitoring Center suffers cyberattack from the US; investigation underway
Published: Jul 26, 2023 09:19 AM Updated: Jul 26, 2023 11:20 PM
cyber attack Photo:VCG

The Wuhan Earthquake Monitoring Center has recently suffered a cyberattack launched by an overseas organization, the city's emergency management bureau, to which the center is affiliated, said in a statement on Wednesday. This is another case of its kind following the June 2022 cyberattack from overseas against a Chinese university.

The expert panel on the case found that the cyberattack was initiated by a hacker group and lawbreakers with governmental backgrounds from outside the country. Preliminary evidence suggests that the government-backed cyberattack on the center came from the US, the Global Times has learned.

The Wuhan Municipal Emergency Management Bureau said in a statement on Wednesday that some of the network equipment of the front-end station collection points of the Wuhan Earthquake Monitoring Center was subjected to a cyberattack by an overseas organization, as monitored by the National Computer Virus Emergency Response Center (CVERC) and Chinese internet security company 360.

The center has immediately sealed off the equipment that was affected and reported the attack to the public security authorities, in order to investigate the case and handle the hacker organization and criminals according to law, said the statement. 

The Wuhan public security bureau Jianghan sub-bureau confirmed the discovery of a Trojan horse program originating from abroad at the Wuhan Earthquake Monitoring Center. According to the public security bureau, this Trojan horse program can illegally control and steal seismic intensity data collected by the front-end stations. This act poses a serious threat to national security.

The public security authorities have opened a case for investigation into this matter and further conducted technical analysis on the extracted Trojan samples. It has been preliminarily determined that the incident was a cyberattack initiated by foreign hacker organizations and outlaws.

Chinese Foreign Ministry spokesperson Mao Ning on Wednesday slammed the cyberattacks, as they posed a serious threat to China's national security, noting that China will take necessary measures to safeguard China's cyber security.

Notorious precedent 

The Wuhan Earthquake Monitoring Center is another national unit that has been subjected to cyberattack from outside the country following the attack on Northwestern Polytechnical University (NWPU) in Xi'an, Northwest China's Shaanxi Province, by an overseas hacker group in June 2022. 

After the attack on NWPU, the CVERC and the company 360 jointly formed a technical team to conduct a comprehensive technical analysis of the case. They concluded that the cyberattack was conducted by the Tailored Access Operations (TAO) of the US' National Security Agency (NSA).

An expert technical team composed of the CVERC and the internet security company 360 has arrived in Wuhan to carry out evidence-collection work on the latest case, the Global Times has learned. Preliminary evidence indicates that the cyberattack on the Wuhan Earthquake Monitoring Center came from the US.

According to company 360's monitoring results, the NSA has carried out cyberattacks on at least hundreds of important domestic information systems in China, and a Trojan horse program called "validator" was found to be running in the information systems of a number of departments, transmitting information to the NSA headquarters.

Moreover, the findings show that a large number of "validator" Trojan horse programs are running in critical information infrastructure not only in China, but also in other countries, and the number of such programs planted in these countries' systems far exceeds that of China.

The CIA is another notorious US organization for cyberattacks and theft, in addition to the NSA. According to the research of the CVERC, the CIA's cyberattacks have been characterized by automation, systematization and intelligence.

The CIA's latest cyber weapons use extremely strict espionage specifications, with various attack techniques interlocked. They now cover almost all internet and Internet of Things assets around the world, and can control other countries' networks and steal their important and sensitive data anytime, anywhere.

Important data targeted 

Professionals pointed out that seismic intensity data refers to the intensity and magnitude of an earthquake, which are two important indicators of its destructive power. Seismic intensity data is closely related to national security; for instance, some military defense facilities need to take into account factors such as seismic intensity, experts said.

Seismic waves passing through different underground media and structures will produce changes in wave velocity, an expert said, as quoted by China Central Television (CCTV). 

"By obtaining relevant data from seismic monitoring centers, hackers can deduce the underground structure and lithology of a certain area," the expert said. "For example, it can be inferred whether there is a large underground cavity, and thus whether it might be a military base or command post."

CCTV pointed out that after acquiring military-related intelligence, the US Defense Intelligence Agency (DIA), the foreign military intelligence agency under the US Department of Defense, is one of the agencies most likely to be able to analyze the data.

Although its staff size and budget are classified, recent reports show that the DIA set up a "China Task Force" at the end of 2022, which gathered a group of analysts and experts to provide the DIA with a "toolbox" for targeting China.

In addition, the DIA regularly publishes the "China Military Power Report," which the US government uses to formulate its military policy toward China.

The DIA is also specialized in military geological research, according to CCTV.

Public reports say the US has conducted many simulated strike tests on more than 10,000 key underground targets around the world using the geological information currently in its possession, providing important reference for its precision strikes, CCTV reported.

With the development of China's geology, the data monitored by the earthquake monitoring center will become more and more multi-dimensional, which also means that once this information is leaked, more information can be analyzed, analysts said. They also pointed out that the cyberattack on the earthquake monitoring center indicates that, as their next step, the US' cyberattacks will infiltrate everyday life to find targets.

Observers pointed out that the US, while intensifying attacks on global targets and stealing secrets, has spared no effort accusing other countries. 

On the one hand, the US government engages in malicious cyber activities against countries around the world, including China, while on the other hand, it repeatedly hypes up the "Chinese hacker attack" theory. This is a typical double standard and political manipulation, Mao Ning said. 

Cyber security is a common global challenge all countries face. The US politicization and weaponization of cybersecurity seriously interferes with the efforts of the international community to jointly address challenges through dialogue and cooperation, and seriously undermines mutual trust among countries, Mao said. 

"The US side should immediately stop these wrong practices, work with the international community to formulate and abide by common rules through dialogue and cooperation, and maintain peace, security and stability in cyberspace in a constructive and pragmatic manner," Mao remarked.