Chinese media claim that new evidence has been found showing that the National Security Agency is behind the cyber attacks on a Chinese military research university. According to Xinhua, Chinese experts retraced the cyber attacks and found that their source is Tailored Access Operations (TAO). China also claims to have found the identities of 13 attackers.
Two weeks ago, China released a report that reveals the US National Security Agency (NSA) used multiple cybersecurity tools in its recent attacks against a Chinese university. Among these are sniffing and Trojan programs, which Chinese researchers say led to the theft of a “large amount of sensitive data”.
China’s National Computer Virus Emergency Response Center (CVERC) on Tuesday said “41 types of cyber weapons” were tapped by the NSA’s hacking unit, Tailored Access Operations (TAO), in the cyber attacks targeting China’s Northwestern Polytechnical University.
Today, according to Chinese state media, Chinese experts were able to retrace the technical features, attack weapons and paths used in the cyber attack against China’s Northwestern Polytechnical University, with technical support from a number of European and Southeast Asian countries. The report was prepared by China’s National Computer Virus Emergency Response Center in collaboration with the internet security company 360.
Chinese experts have found that those attacks originated from the NSA’s Office of Tailored Access Operations (TAO). The earlier research found that TAO used 41 types of cyber weapons in the cyber attacks against the military research university. A hacker group called “Shadow Brokers” has exposed that 16 of the weapons used during the cyber attack are identical to the Tailored Access Operations weapons.
The technical analysis also found that the attackers’ working hours, language, and behavioral habits link them to Tailored Access Operations.
The report prepared by the Chinese experts gives more details about how the NSA’s Office of Tailored Access Operations infiltrated the military research university’s internal network. According to the report, “FoxAcid” was used first to get into internal host servers. Then, TAO used remote control weapons to control key servers. Finally, TAO was able to get the authentication data by controlling network node equipment.
China claims that Tailored Access Operations was able to steal key configuration files that were used to monitor network equipment and internet users. It also claims that TAO stole personal information about some important figures from China. Chinese experts claim that this information about key figures from China was sent to the headquarters of the National Security Agency using multiple jump servers.
The Chinese report claims to have found the true identities of 13 attackers. China said that it released the report to reveal details of the U.S. cyber attacks against the Chinese university because it wants to show other countries how to protect themselves.