Washington’s cyberwarfare unit relied on a stealthy program as it hacked a prominent Chinese university, Global Times reports
US intelligence services used a “concealed and adaptable” cyberweapon to hack into one of China’s top universities, local media reported on Tuesday.
According to the newspaper Global Times, Chinese experts have managed to capture a cyber tool allegedly used by the Office of Tailored Access Operation (TAO), a secretive unit of the US National Security Agency, in an attack on the information system of Northwestern Polytechnical University.
On September 5, China’s National Computer Virus Emergency Response Center revealed the results of the investigation into a range of attacks on this state-funded university, which specializes in aeronautics and space research. At the time, the authorities said that TAO used “more than 40 different NSA-specific cyberattack weapons” to steal the university’s data.
Meanwhile, according to experts interviewed by Global Times, the NSA cyberwarfare unit mainly relied on the so-called “drinking tea” tool, which was implanted into the internal network of the university. This apparently enabled the culprits to steal passwords for remote management and remote file-transfer services, and to gain Intranet access. As a result, a large trove of sensitive data was stolen.
The outlet’s source also indicated that “drinking tea” is a highly stealthy tool, as it can easily blend into new environments. After being implanted, this spyware would disguise itself as an ordinary background service process, which makes it very difficult to detect, the cyber-expert noted.
In his telling, the program may monitor what data the user is inputting via the console, allowing it to see all account names and passwords. “Once these usernames and passwords are obtained by TAO, they can be used to carry out the next stage of the attack to help the office steal files on the servers or deliver other cyber weapons,” the expert told the newspaper.
As a result of this security breach, over 140GB of high-value data was stolen by the US, according to China’s National Computer Virus Emergency Response Center. The NSA and State Department declined to comment on these allegations.
China has repeatedly accused the US of spying on universities, as well as on energy and internet companies. At the same time, Washington has blasted Beijing for stealing American commercial secrets, with FBI chief Christopher Wray claiming earlier this year that the nation had illegally retrieved “staggering volumes” of information, while being the source of more cyberattacks than all other countries combined.