The U.S. National Security Agency (NSA) hacked into the email system of a university in Northwest China’s Shaanxi Province that specializes in aviation, aerospace and navigation studies, pro-Beijing newspaper Global Times said in a report Monday.
Quoting a statement by the Beilin Public Security Bureau in Xi’an, the report said that the attack attempted to lure teachers and students into clicking links in phishing emails with Trojan horse programs, with themes involving scientific evaluation, thesis submission and information on foreign travel, so as to obtain their email login details.
To investigate the attack, China’s National Computer Virus Emergency Response Center and internet security company 360 jointly formed a technical team to conduct a comprehensive technical analysis of the case.
By extracting Trojan horse samples from internet terminals of Northwestern Polytechnical University, the technical team initially identified that the cyber attack was conducted by the Tailored Access Operations (TAO) (Code S32) under the Data Reconnaissance Bureau (Code S3) of the Information Department (Code S) of the US NSA.
The Global Times said, quoting an official (Chinese) source, that the attack was code-named "shotXXXX" by the NSA.
The investigation also found that in recent years, TAO has conducted tens of thousands of malicious attacks against targets in China, controlling large numbers of network devices (web servers, internet terminals, network switches, telephone switches, routers, firewalls, etc.) to steal more than 140 GB of data.
Technical analysis also found that, before the attack began, TAO had acquired management authority over a large amount of communication network equipment in China with the cooperation of several large and well-known internet enterprises in the US, which made it easy for the NSA to continuously invade the important information network in China.
In targeting Northwestern Polytechnical University, TAO used 41 types of weapons to steal core technology data, including key network equipment configuration, network management data, and core operational data. The technical team discovered more than 1,100 attack links infiltrated inside the university and more than 90 operating instruction sequences, which stole multiple network device configuration files and other types of logs and key files, the source said.
The investigation found that 13 people from the US were directly involved in the attack, and also found more than 60 contracts and 170 electronic documents that the NSA signed with American telecom operators through a cover company to build an environment for cyberattacks, according to the source.
The Global Times also learned from the source that TAO used 54 jump servers and proxy servers in the network attack against Northwestern Polytechnical University. These were mainly distributed in 17 countries such as Japan, South Korea, Sweden, Poland and Ukraine, and 70 percent of them are located in the countries surrounding China, such as Japan and South Korea.
On June 29, China's National Computer Virus Emergency Response Center and 360 also disclosed a new vulnerability attack weapon platform deployed by the NSA, which experts believe is the main equipment of TAO and which targets the world with a focus on China and Russia.