icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
13 Sep, 2022 10:05

Details of alleged US cyberattack on China emerge

Washington’s cyberwarfare unit relied on a stealthy program as it hacked a prominent Chinese university, Global Times reports
Details of alleged US cyberattack on China emerge

US intelligence services used a “concealed and adaptable” cyberweapon to hack into one of China’s top universities, local media reported on Tuesday.

According to the Global Times, Chinese experts have captured a cyber tool allegedly used by the Office of Tailored Access Operation (TAO), a secretive unit of the US National Security Agency, in an attack on the Northwestern Polytechnical University.

On September 5, China’s National Computer Virus Emergency Response Center revealed the results of the investigation into a series of attacks on the state-funded university, which specializes in aeronautics and space research. At the time, the authorities said that TAO used “more than 40 different NSA-specific cyberattack weapons” to steal the university’s data.

According to experts interviewed by Global Times, the NSA cyberwarfare unit mainly relied on the so-called “drinking tea” tool which was implanted into the internal network of the university. This allegedly enabled the culprits to steal passwords of remote management and remote file-transfer services, and gain Intranet access. As a result, a large trove of sensitive data was stolen.

One of the outlet’s sources explained that the “drinking tea” is a highly stealthy tool as it can easily blend into new environments. After being implanted, this spyware disguises itself as an ordinary background service process, which makes it very difficult to detect, the cyber-expert noted.

In his telling, the program may monitor what data the user is inputting via the console, allowing it to see all account names and passwords. “Once these usernames and passwords are obtained by TAO, they can be used to carry out the next stage of the attack to help the office steal files on the servers or deliver other cyber weapons,” the expert told the newspaper.

Over 140GB of high-value data was stolen by the US, according to China’s National Computer Virus Emergency Response Center. The NSA and State Department declined to comment on the allegations.

China has repeatedly accused the US of spying on universities, as well as on energy and internet companies. At the same time, Washington has blasted Beijing for stealing American commercial secrets, with FBI chief Christopher Wray claiming earlier this year that the nation had illegally retrieved “staggering volumes” of information, while being the source of more cyberattacks than all other countries combined.

Podcasts
0:00
25:26
0:00
14:40