Beijing says it uncovered US National Security Agency operatives behind cyberattack on Chinese university

China says it has identified US National Security Agency operatives while investigating a recent cyberattack on Northwestern Polytechnical University, as its top spying and anti-espionage agency vowed on Thursday to root out all “digital spies”.
The revelation came just three days after Beijing revealed more details about John Shing-wan Leung, a Hong Kong permanent resident and US citizen the Chinese Ministry of State Security said posed as a philanthropist while snooping for information. He was jailed for life for espionage in May, two years after his arrest in China.
John Shing-wan Leung, 78, was arrested in China in April 2021. Photo: Alliances for China’s Peaceful Reunification, USA

State-run CCTV said on Thursday that China’s National Computer Virus Emergency Response Centre, with help from Chinese antivirus company 360 Total Security, had discovered the identity of the National Security Agency (NSA) operative or operatives – the broadcaster did not specify how many or name them – after it extracted “multiple samples” of a spyware called “Second Date”.

It said the spyware was used in the cyberattack on Northwestern Polytechnical University in Shaanxi province.


‘Stop stealing’: China condemns US over Trojan horse cyberattacks on state-funded university

‘Stop stealing’: China condemns US over Trojan horse cyberattacks on state-funded university

The report said technical analysis showed that Second Date was a cyberespionage weapon developed by the NSA to sniff out and hijack network traffic and insert malicious codes.

Quoting senior engineer at the National Computer Virus Emergency Response Centre Du Zhenhua, it said software was a potent cyberespionage tool that enabled attackers to take control of target network devices and the data traffic flowing through them, and use them as a “forward base” for the next stage of attacks. It could run on various operating systems and was compatible with multiple architectures.

Du was quoted as saying the spyware was usually used in conjunction with various network device vulnerability attack tools from the NSA’s Office of Tailored Access Operations (TAO). The TAO, now renamed Computer Network Operations, is a cyberwarfare intelligence-gathering unit.

Chinese report reveals US-controlled cyberattacks by ‘empire of hackers’

The report said that after global tracing, the Chinese team found “thousands of network devices” across the country were still infected by the spyware and its derivatives. It said they also found springboard servers remotely controlled by the NSA in Germany, Japan, South Korea, India and Taiwan.

On Thursday, the state security ministry said China had become “a major victim of high-level persistent threats online”, and vowed to strengthen the tracking, monitoring and prevention of cyberespionage, “effectively safeguarding” China’s network security, in a commentary published on its official WeChat account.

“[We] will have ‘digital spies’ reveal their true colours and have nowhere to hide!” the commentary said.


Snowden spy leaks shook the world, a decade later, what’s changed?

Snowden spy leaks shook the world, a decade later, what’s changed?

Without naming a specific country or agency, it said “dozens of intelligence agencies from different countries and regions” had carried out cyberattacks in China via specific agencies and “cover companies”. Besides directly carrying out cyberattacks, foreign spies also lured Chinese companies via outsourcing arrangements, paying for data and system loopholes, it said.

The commentary said these cyberattack targets extended beyond government agencies, with foreign spies and intelligence agencies aiming for “our critical information infrastructure and major infrastructure network systems and a … our universities, scientific research institutions, large enterprises, hi-tech companies and other institutions as well as corporate executives, experts and scholars”.

Pentagon says cyberattacks are part of China’s armory for conflict with US

Cyberspace is increasingly becoming a keenly contested area between China and the US. The US state department recently accused Chinese hackers of breaching senior US diplomats’ email accounts.
China, on the other hand, has been stepping up its efforts to target spies – especially from the US and its allies – and updated its anti-espionage legislation this year to include cyberattacks as punishable spying activities, with a jail term ranging from 10 years to life.


This website uses cookies. By continuing to use this site, you accept our use of cookies.