China claims that America’s National Security Agency used sophisticated cyber tools to hack into an elite Chinese research university. The attack allegedly targeted the Northwestern Polytechnical University in Xi’an (not to be confused with a California school of the same name), which is highly ranked in the global university index for its science and engineering programs.
The U.S. Justice Department has referred to the school as a “Chinese military university that is heavily involved in military research and works closely with the People’s Liberation Army,” which would make it as a pretty reasonable target for digital infiltration from America’s perspective.
China’s National Computer Virus Emergency Response Center (CVERC), a kind of digital defense agency equivalent to America’s CISA, recently published a report accusing the NSA of being behind the hacking incident. According to CVERC, the school was hacked by members of the Tailored Access Operations group (TAO)—an elite team of NSA hackers that specializes in clandestine intrusions. TAO, which first became publicly known back in 2013, helps the U.S. government break into networks all over the world for the purposes of intelligence gathering and data collection.
In this particular case, the unit appears to have used a host of hacking tools (41, to be exact) to break into Northwestern Polytechnical and steal data. One such tool, dubbed “Suctionchar,” is said to have helped infiltrate the school’s network by stealing account credentials from remote management and file transfer applications to hijack logins on targeted servers. The report also mentions the exploitation of Bvp47, a backdoor in Linux that has been used in previous hacking missions by the Equation Group—another elite NSA hacking team.
According to CVERC, traces of Suctionchar have been found in many other Chinese networks besides Northwestern’s, and the agency has accused the NSA of launching more than 10,000 cyberattacks on China over the past several years.