Photo: Screenshot from CCTV

China's state security authorities have uncovered a major case of cyberattack from the US, obtaining ironclad evidence that the US National Security Agency had infiltrated China's National Time Service Center under the Chinese Academy of Sciences. The operation has thwarted the US side's attempts to steal state secrets and conduct cyber sabotage, effectively safeguarding the security of "Beijing Time," China's Ministry of State Security (MSS) said in a statement on Sunday. 

Located in Xi'an, Northwest China's Shaanxi Province, the National Time Service Center generates, maintains, and broadcasts "Beijing Time." It provides high-precision time services for sectors such as national communications, finance, electric power, transportation, surveying and mapping, and national defense, while also supplying key data for calculating the Coordinated Universal Time (UTC). 

The center independently developed a world-leading autonomous time measurement system and built a key national science and technology facility - the High-Accurate Ground-based Time Service System. Damage from a cyberattack could jeopardize the secure and stable operation of "Beijing Time," potentially leading to severe consequences such as network communication failures, financial system disruptions, power outages, transportation paralysis, and aerospace launch. It could even throw global timekeeping into chaos, resulting in incalculable harm and losses. 

A meticulous investigation by China's state security authorities found that the US National Security Agency had long planned progressive, systematic cyberattacks against China's National Time Service Center. 

According to China's state security authorities, investigations revealed that US cyberattacks against the time service center has remained dormant and highly covert for a long time, even employing state-level cyber-espionage weapons. These reconnaissance and intrusion activities were detected and monitored from the very beginning, China Central Television (CCTV) reported on Sunday.  

Beginning on March 25, 2022, the US National Security Agency exploited a vulnerability in a foreign-branded phone's SMS service to secretly launch cyberattacks and gain control of the mobile devices of several staff members at China's National Time Service Center, stealing sensitive data stored on their phones. 

From April 18, 2023, the US agency repeatedly used stolen login credentials to hack into the time service center's computers and probe details of its network infrastructure. 

Between August 2023 and June 2024, the US agency deployed a new type of cyber operations platform, activated 42 specialized cyber weapons, carried out high-intensity cyberattacks against multiple internal network systems of the time service center. It also attempted lateral penetration into the High-Accurate Ground-based Time Service System, pre-positioning the capabilities to disable and sabotage the system. 

The National Computer Network Emergency Response Technical Team (CNCERT) conducted a comprehensive investigation of the cyberattack, including analysis, assessment, and source tracing, to establish a full picture of the incident. 

The CNCERT concluded that the US NSA demonstrated advanced cyberattack capabilities in tactical concepts, operational techniques, encrypted communications, and stealth techniques. 

They concealed their espionage activities by using legitimate digital certificates, disguising Windows system modules, and proxying network communications, while their in-depth study of antivirus mechanisms allowed them to effectively avoid detection.

However, the report also pointed to signs of stagnation, such as a lack of genuine innovation and technical bottlenecks in system upgrades following repeated public exposure. 

During the attack, the perpetrators deployed 42 distinct cyber tools, including cyber weapons, functional modules, and malicious files. These were primarily designed to maintain long-term access, build covert communication channels, and extract sensitive data from target systems.

China's state security authorities found that the US agency frequently launched cyberattacks during late night to early morning hours Beijing Time. They used virtual private servers in the US, Europe, and Asia as "stepping stones" to disguise the attack origins. They employed forged digital certificates to bypass antivirus software and other measures to hide their activity, and used strong encryption algorithms to erase digital traces of the attacks - employing virtually every means available to carry out their intrusions. 

The state security authorities of China responded effectively at every stage, securing evidence of the US cyberattacks, guiding the National Time Service Center's investigation and remediation, cutting off the attack chains, upgrading defenses, and eliminating potential security risks. 

In recent years, the US has aggressively pursued cyber hegemony, repeatedly trampling on international norms governing cyberspace. Led by the National Security Agency, the US intelligence agencies have acted recklessly, continuously launching cyberattacks against targets in China, Southeast Asia, Europe, and South America. They have infiltrated and taken control of critical infrastructure, stolen sensitive data, monitored key individuals, and flagrantly violated other countries' cyber sovereignty and personal privacy - posing a grave threat to global cybersecurity, the MSS said. 

The US has also used its technological footholds in places such as the Philippines, Japan, and China's Taiwan region to launch cyberattacks, concealing its own identity and shift blame onto others - exhausting every deceptive tactic. 

At the same time, the US hypocritically hypes the so-called "China cyber threat," pressuring other countries to exaggerate alleged "Chinese hacking incidents," sanctioning Chinese companies, and prosecuting Chinese nationals - all in an attempt to distort facts and invert right and wrong. The undeniable fact is that the US is the real "empire of hackers" and the main source of chaos in global cyberspace, according to the MSS. 

Global Times