Thursday, September 22, 2022

Exclusive: US' NSA Infiltrates China's Telecom Infrastructure in Attack on Leading Chinese Aviation University: Source

By Zhao Siwei

Sep 22, 2022 08:48 AM

US launches cyberattacks targeting China’s space and aviation university. Cartoon: Vitaly Podvitski

During the cyberattack against the email system of Northwestern Polytechnical University in China's Shaanxi Province - well-known for its aviation, aerospace and navigation studies - the US' National Security Agency (NSA) was found to have constructed a "legal" channel for remote access to the core data network of China's telecom operators so that the US' intelligence agency could infiltrate and control the country's telecom infrastructure, the Global Times learned from a source on Thursday. 

On June 22, Northwestern Polytechnical University announced that hackers from abroad were caught sending phishing emails with Trojan horse programs to teachers and students at the university, attempting to steal their data and personal information.

A police statement released by the Beilin Public Security Bureau in Xi'an the next day said that the attack attempted to lure teachers and students into clicking links in phishing emails carrying Trojan horse programs, with themes involving scientific evaluation, thesis defense and information on foreign travel, so as to obtain their email login details.

To probe into the attack, China's National Computer Virus Emergency Response Center and internet security company 360 jointly formed a technical team to conduct a comprehensive technical analysis of the case. 

By extracting many Trojan samples from internet terminals of Northwestern Polytechnical University, with the support of European and South Asian partners, the technical team initially identified that the cyberattack on the university was conducted by the Tailored Access Operations (TAO) (Code S32) under the Data Reconnaissance Bureau (Code S3) of the Information Department (Code S) of the US' NSA.

Targeting Northwestern Polytechnical University, TAO used 41 types of weapons to steal core technology data, including key network equipment configuration, network management data, and core operational data. The technical team discovered more than 1,100 attack links that had infiltrated the university and more than 90 operating instruction sequences, which stole multiple network device configuration files and other types of logs and key files, the source said.

Based on analysis of the characteristics of the TAO attack, its infiltration tools and Trojan horse samples, the technical team also found that TAO had infiltrated a telecom operator in China, built a "legal" channel for remote access to the core data network, and attempted to control China's telecom infrastructure.

More details about TAO's cyberattack on Northwestern Polytechnical University will be released soon, the source said.
