US intelligence services used a “concealed and adaptable” cyberweapon to hack into one of China’s top universities, local media reported on Tuesday.
According to the Global Times, Chinese experts have captured a cyber tool allegedly used by the Office of Tailored Access Operation (TAO), a secretive unit of the US National Security Agency, in an attack on the Northwestern Polytechnical University.
On September 5, China’s National Computer Virus Emergency Response Center revealed the results of the investigation into a series of attacks on the state-funded university, which specializes in aeronautics and space research. At the time, the authorities said that TAO used “more than 40 different NSA-specific cyberattack weapons” to steal the university’s data.
According to experts interviewed by Global Times, the NSA cyberwarfare unit mainly relied on the so-called “drinking tea” tool which was implanted into the internal network of the university. This allegedly enabled the culprits to steal passwords of remote management and remote file-transfer services, and gain Intranet access. As a result, a large trove of sensitive data was stolen.
One of the outlet’s sources explained that the “drinking tea” is a highly stealthy tool as it can easily blend into new environments. After being implanted, this spyware disguises itself as an ordinary background service process, which makes it very difficult to detect, the cyber-expert noted.
In his telling, the program may monitor what data the user is inputting via the console, allowing it to see all account names and passwords. “Once these usernames and passwords are obtained by TAO, they can be used to carry out the next stage of the attack to help the office steal files on the servers or deliver other cyber weapons,” the expert told the newspaper.
Over 140GB of high-value data was stolen by the US, according to China’s National Computer Virus Emergency Response Center. The NSA and State Department declined to comment on the allegations.
China has repeatedly accused the US of spying on universities, as well as on energy and internet companies. At the same time, Washington has blasted Beijing for stealing American commercial secrets, with FBI chief Christopher Wray claiming earlier this year that the nation had illegally retrieved “staggering volumes” of information, while being the source of more cyberattacks than all other countries combined.