China claims to have identified US National Security Agency operatives involved in a cyberattack on Northwestern Polytechnical University. The spyware used, called “Second Date,” was developed by the NSA for cyberespionage purposes.
The disclosure came just three days after Beijing revealed more information about John Shing-wan Leung, a US citizen and Hong Kong permanent resident. The Chinese Ministry of State Security accused Leung of posing as a philanthropist while secretly gathering information. He was arrested in China two years ago and recently sentenced to life in prison for espionage.
Second Date Spyware Unmasked
According to state broadcaster CCTV, China’s National Computer Virus Emergency Response Centre, with the assistance of 360 Total Security, identified the individuals behind the cyberattack on Northwestern Polytechnical University. The spyware used in the attack, known as “Second Date,” was developed by the NSA to intercept network traffic and inject malicious codes.
Quoting a senior engineer at the National Computer Virus Emergency Response Centre, it was stated that the software used in the cyberespionage attacks was a potent tool that allowed attackers to take control of network devices and manipulate data traffic. Additionally, this software served as a “forward base” for subsequent attacks and was compatible with various operating systems and architectures. The engineer mentioned that it was often used in conjunction with network device vulnerability attack tools from the NSA’s Office of Tailored Access Operations, which is now called Computer Network Operations.
Furthermore, report revealed that the Chinese investigation team, after conducting global tracing, discovered that “thousands of network devices” across the country were still infected with the spyware and its derivatives. Additionally, they identified springboard servers in Germany, Japan, South Korea, India, and Taiwan that were remotely controlled by the NSA. These findings shed light on the extent of the cyberespionage operations and the presence of the NSA’s involvement in various locations.
Security Ministry Issues Concern
On Thursday, the state security ministry expressed concern about China being a major victim of persistent online threats. They have vowed to strengthen tracking, monitoring, and prevention of cyberespionage to effectively safeguard China’s network security. In their commentary, they emphasized the need to expose digital spies and ensure they have nowhere to hide.
Additionally, the ministry did not explicitly name specific countries or agencies, but they mentioned that dozens of intelligence agencies from different regions have carried out cyberattacks in China through specific agencies and cover companies. It’s alarming to know that foreign spies have not only directly conducted cyberattacks but also lured Chinese companies through outsourcing arrangements, paying for data and system loopholes.
The targets of these cyberattacks extend beyond government agencies. Foreign spies and intelligence agencies are also aiming for critical information infrastructure, major network systems, universities, research institutions, large enterprises, hi-tech companies, and even corporate executives, experts, and scholars.
