BEIJING, September 27th, 2022 (Xinhua) — China on Tuesday released a new investigation report in which it said further evidence has been found to show the US National Security Agency (NSA) is behind “thousands of cyber attacks” on a Chinese university.
With technical support from a number of European and Southeast Asian countries, Chinese experts were able to retrace the technical features, attack weapons and paths used in the cyber attack against China’s Northwestern Polytechnical University, according to the report published by China’s National Computer Virus Emergency Response Centre in collaboration with internet security company 360.
They have found that those attacks originated from the NSA-affiliated Office of Tailored Access Operation (TAO), which had exposed its own technical loopholes and operational missteps during the attack, the report said.
An earlier probe found that 41 types of cyber weapons were used by TAO in the recently exposed cyber attacks against the university.
Among the 41 types of cyber attack tools, 16 are identical to the TAO’s weapons that have been exposed by hacker group “Shadow Brokers,” and 23 share a 97 percent genetic similarity with those deployed by TAO, said the report.
The remaining two types need to be used in conjunction with other cyber attack weapons of TAO, the report said, adding that the homology of the weapons suggests they all belong to TAO.
Technical analysis found that the cyber attackers’ working time, language and behaviour habits, and operational missteps have also exposed their links with TAO.
The report detailed the process of TAO’s infiltration into the Chinese university’s internal network. TAO first used “FoxAcid,” a man-in-the-middle attack platform, to hack into the university’s internal host computer and servers, and then gained control over several key servers with remote control weapons. It then controlled some important network node equipment including the university’s internal routers and switches, and stole authentication data.
Hiding in the university’s operation and maintenance servers, TAO stole several key configuration files of network equipment, which were used to “validly” monitor a batch of network equipment and internet users.
The Chinese investigation team found that TAO captured personal information of some people with sensitive identities on the Chinese Mainland. The information was sent back to the headquarters of the NSA via multiple jump servers.
The report said the true identities of 13 attackers have been found out.
The report, revealing details of the US cyber attacks against the Chinese university, was released to offer lessons to countries across the world so that they can more effectively identify and prevent cyber attacks by TAO.
Source: Xinhua Editor: huaxia
NOTE: A number of interesting facts have emerged.
1) The so-called Tailored Access Operation (TAO) uses an acronym that mispronounces the Chinese term ‘道’ (dao4), persisting in using the misrepresenting Wade-Giles variant ‘Tao’ in defiance of the Chinese Mainland-derived ‘Pinyin’. The racist element of this is that America continues to insist that ‘White’ Europeans should continue to have the power to decide what Chinese culture ‘is’ and that ethnic Chinese people should just ‘conform’ to these dictates. In this case the term ‘Tao’ refers to the ‘path’ or ‘way’ into China which America’s hackers have taken!
2) Presumably, the Americans believe that they will find some type of useful data to boost their ‘disinformation’ campaigns against China by focusing their efforts upon China’s Northwestern Polytechnical University.
3) There have been a number of ‘European’ countries that have assisted China in combating US covert activity!
4) China’s Northwestern Polytechnical University (NPU) is located in the Xi’an area of Shaanxi Province. It is a research-oriented, multi-disciplinary university focusing on cutting-edge aerospace and marine engineering and materials science. It is one of the national 985 Project Universities in China and is affiliated to the Ministry of Industry and Information Technology.
5) China’s counter-hackers have identified ‘23’ US-employed (individual) ‘hackers’, suggesting the US cannot defend its own espionage employees!