BEIJING, Sept. 27 (Xinhua) — China released a new investigative report on Tuesday, saying new evidence has been found to show that the U.S. National Security Agency (NSA) was behind the “thousands of cyberattacks” against a Chinese university.
With technical support from a number of countries in Europe and Southeast Asia, Chinese experts were able to trace the technical characteristics, attack weapons and routes used in the cyberattack on the Polytechnic University in northwest China, according to the report released by China's National Computer Virus Emergency Response Center in collaboration with Internet security company 360.
They discovered that these attacks came from the NSA-affiliated Office of Tailored Access Operation (TAO), which revealed its own technical flaws and operational missteps during the attack, according to the report.
An earlier investigation revealed that 41 types of cyber weapons were used by TAO in the recently disclosed cyber attacks against the university.
Of the 41 types of cyberattack tools, 16 are identical to TAO weapons that have been exposed by the hacking group “Shadow Brokers”, and 23 share a 97% genetic similarity with those deployed by the TAO, according to the report.
The remaining two types are to be used in conjunction with other TAO cyberattack weapons, the report said, adding that the weapons’ homology suggests they all belong to TAO.
The technical analysis found that the cyber attackers’ working time, linguistic and behavioral habits, and operation errors also revealed their links with TAO.
The report details the process of TAO’s infiltration into the Chinese university’s internal network. TAO first used “FoxAcid”, a man-in-the-middle attack platform, to hack into the university’s host computer and internal servers, then took control of several key servers with remote control weapons. It then controlled some important network node equipment, including the university’s internal routers and switches, and stole authentication data.
Hiding in the university’s operations and maintenance servers, TAO stole several key configuration files of network equipment, which were used to “validly” monitor a batch of network equipment and Internet users.
The Chinese investigation team discovered that TAO had captured personal information of some people with sensitive identities in the Chinese mainland. The information was sent back to NSA headquarters via multiple jump servers.
The report says the true identities of 13 attackers have been discovered.
The report, revealing the details of US cyberattacks on the Chinese university, was released to offer lessons to countries around the world so they can more effectively identify and prevent TAO cyberattacks.