Tag Archive for: NSA’s

China Accuses NSA’s TAO Unit of Hacking its Military Research University



China has accused the U.S. National Security Agency (NSA) of conducting a string of cyberattacks in June 2022 against Northwestern Polytechnical University, an aeronautics and military research institution in the city of Xi’an.

The National Computer Virus Emergency Response Centre (NCVERC) disclosed its findings last week and accused the Office of Tailored Access Operations (TAO), the NSA’s cyber-warfare and intelligence-gathering unit, of orchestrating thousands of attacks against entities located within the country.

“The U.S. NSA’s TAO has carried out tens of thousands of malicious cyber attacks on China’s domestic network targets, controlled tens of thousands of network devices (network servers, Internet terminals, network switches, telephone exchanges, routers, firewalls, etc.), and stole more than 140GB of high-value data,” the NCVERC said.


According to the U.S. Department of Justice (DoJ), Northwestern Polytechnical University is a “Chinese military university that is heavily involved in military research and works closely with the People’s Liberation Army on the advancement of its military capabilities.”

The agency further said that the attack on the Northwestern Polytechnical University employed no fewer than 40 different cyber weapons that are designed to siphon passwords, network equipment configuration, network management data, and operation and maintenance data.

It also said that TAO used two zero-day exploits for SunOS, the Unix-based operating system, to breach servers run by educational institutions and commercial companies and install a remote-access Trojan it calls NOPEN.

The attacks are said to have been mounted via a network of proxy servers hosted in Japan, South Korea, Sweden, Poland, and Ukraine that relayed instructions to the compromised machines. The agency also noted that the NSA used an unnamed registrar to anonymize traceable information such as the relevant domain names, certificates, and registrants.

Besides NOPEN, the attacks entailed the use of malware it calls “Fury Spray,” “Cunning Heretics,” “Stoic Surgeon,” and “Acid Fox” that are capable of “covert and lasting control” and exfiltrating sensitive…

Source…

China claims it captured NSA’s ‘global internet control’ spy tool


A Chinese state-run publication reported on Monday that the Chinese government has captured surveillance tools developed by the U.S. National Security Agency (NSA).

On Monday, The Global Times — a tabloid published by the ruling Chinese Communist Party — claimed it received an exclusive report from China’s National Computer Virus Emergency Response Center, describing its capture of an NSA-developed Trojan virus known as “NOPEN.” The Chinese outlet claimed the NSA hacking tool was “found to have controlled global internet equipment and stole large amounts of users’ information.”

The “NOPEN” virus software is able to target Unix/Linux systems, allowing hackers to remotely access targeted systems. From there, a hacker may use the software to steal files, access systems, redirect network activity or view a target’s communications. “NOPEN” is reportedly known for both its comprehensive control abilities as well as its ability to be concealed within targeted systems.

While the Chinese outlet emphasized the exclusivity of its new reporting, the software was actually leaked about six years ago.

“NOPEN” was among several hacking tools contained in leaks published by a hacker group known as the Shadow Brokers in the summer of 2016. The Shadow Brokers published hacking tools purportedly belonging to another hacking group known as the Equation Group. The Equation Group has been suspected of being connected to an NSA cyber-warfare and intelligence outfit, called the Tailored Access Operations unit.

Global Times’ new reporting that the Chinese government obtained the “NOPEN” hacking tool is not the first time China has been suspected of copying NSA hacking tools. More than a year earlier, the cybersecurity firm Check Point Research published a report alleging that the Chinese government had obtained another Equation Group hacking tool known as “EpMe” and replicated it for its own use. The report alleged that a suspected Chinese hacking group used an “EpMe” replica known as “Jian” against a U.S. target as early as 2013, three years before the Shadow Brokers published the first set of Equation Group hacking tools.

Global Times said the NSA used…

Source…

The NSA’s Inadvertent Role in the Major Cyberattack on Ukraine – Slate Magazine


Besides, the NSA doesn't do very many hacks of the sort that the Shadow Brokers stole—hacks that involve “zero-day exploits,” the discovery and use of vulnerabilities (in software, hardware, servers, networks, and so forth) that no one has previously …



NSA’s EternalBlue exploit ported to Windows 10

If you were running Windows 10, you did not need to worry about your box being hit with the leaked NSA EternalBlue exploit; that has changed now that researchers have ported EternalBlue to Windows 10.

After the WannaCry ransomware attack, some defenders focused on building detection rules for the DoublePulsar backdoor implant that the exploit delivered; but be warned that the RiskSense researchers removed DoublePulsar from their port entirely. They cautioned that DoublePulsar is a “red herring for defenders to focus on, as stealthier payload mechanisms can be crafted.”

While they are withholding some details of the exploit chain so that attackers cannot simply reuse them, they hope white-hat security researchers benefit from the technical overview of the exploit process “so that new generic and targeted techniques can be developed to prevent attacks.”
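As an added illustration of the “red herring” point, and not code from the RiskSense write-up or from Network World: a small Python detector that parses constructed SMB1 frames and applies two rules, the widely published DoublePulsar ping signature (a TRANSACTION2 reply carrying Multiplex ID 0x51) and a rule keyed on the exploit’s own transaction shape (an oversized NT_TRANSACT request continued by TRANSACTION2_SECONDARY frames, the type confusion at the core of MS17-010). The sample frames, the tid/uid values, the 0x10000 TotalDataCount threshold and the 66512 value in the sample request are constructed assumptions for this example. Run against the three sessions, the implant-only rule goes quiet as soon as DoublePulsar is swapped for another payload, while the exploit-shape rule still fires.

```python
import struct

# SMB1 command codes and header flag (MS-CIFS).
SMB_COM_TRANSACTION2 = 0x32
SMB_COM_TRANSACTION2_SECONDARY = 0x33
SMB_COM_NT_TRANSACT = 0xA0
SMB_FLAGS_REPLY = 0x80

# Published DoublePulsar ping signature: a TRANSACTION2 reply carrying MID 0x51.
DOUBLEPULSAR_REPLY_MID = 0x51
# Assumption: threshold for the oversized NT_TRANSACT that MS17-010 exploitation relies on.
LARGE_TOTAL_DATA_COUNT = 0x10000


def build_smb1(command, words=b"", data=b"", flags=0, tid=0, uid=0, mid=0x41):
    """Build one NetBIOS-framed SMB1 message (constructed test traffic, not a capture)."""
    header = struct.pack("<4sBIBHH8sHHHHH", b"\xffSMB", command, 0, flags, 0, 0,
                         b"\x00" * 8, 0, tid, 0, uid, mid)
    body = bytes([len(words) // 2]) + words + struct.pack("<H", len(data)) + data
    smb = header + body
    return b"\x00" + len(smb).to_bytes(3, "big") + smb


def nt_transact_request(total_data_count, tid=0, uid=0):
    """NT_TRANSACT request with a chosen TotalDataCount (19 parameter words, SetupCount 0)."""
    words = struct.pack("<BHIIIIIIIIBH", 0, 0, 0, total_data_count, 0, 0, 0, 0, 0, 0, 0, 0)
    return build_smb1(SMB_COM_NT_TRANSACT, words=words, tid=tid, uid=uid)


def parse_smb1(frame):
    """Decode the NetBIOS length prefix and the 32-byte SMB1 header; None if not SMB1."""
    if len(frame) < 4 or frame[4:8] != b"\xffSMB":
        return None
    smb = frame[4:4 + int.from_bytes(frame[1:4], "big")]
    if len(smb) < 33:
        return None
    tid, _pid, uid, mid = struct.unpack_from("<HHHH", smb, 24)
    word_count = smb[32]
    return {
        "command": smb[4],
        "reply": bool(smb[9] & SMB_FLAGS_REPLY),
        "tid": tid, "uid": uid, "mid": mid,
        "words": smb[33:33 + 2 * word_count],
    }


def scan(frames):
    """Return the alerts raised over one TCP session's frames."""
    alerts = []
    oversized = set()  # (tid, uid) pairs that sent an oversized NT_TRANSACT
    for frame in frames:
        msg = parse_smb1(frame)
        if msg is None:
            continue
        key = (msg["tid"], msg["uid"])
        if msg["command"] == SMB_COM_NT_TRANSACT and not msg["reply"] and len(msg["words"]) >= 11:
            # TotalDataCount sits at byte 7 of the NT_TRANSACT parameter words.
            total = struct.unpack_from("<I", msg["words"], 7)[0]
            if total >= LARGE_TOTAL_DATA_COUNT:
                oversized.add(key)
        elif (msg["command"] == SMB_COM_TRANSACTION2_SECONDARY and not msg["reply"]
              and key in oversized):
            # An NT_TRANSACT continued with TRANSACTION2_SECONDARY frames: the exploit's shape.
            alerts.append("MS17-010 exploit shape")
            oversized.discard(key)
        elif (msg["command"] == SMB_COM_TRANSACTION2 and msg["reply"]
              and msg["mid"] == DOUBLEPULSAR_REPLY_MID):
            alerts.append("DoublePulsar ping reply")
    return alerts


def doublepulsar_rule_fires(frames):
    """The implant-only rule many defenders shipped after WannaCry."""
    return "DoublePulsar ping reply" in scan(frames)


def exploit_rule_fires(frames):
    """A rule keyed on the exploit itself, which survives a swapped payload."""
    return "MS17-010 exploit shape" in scan(frames)


# Constructed sessions; tid/uid are arbitrary values held after tree connect.
TID, UID = 0x0800, 0x0800
EXPLOIT_FRAMES = [
    nt_transact_request(66512, tid=TID, uid=UID),  # oversized request (value is an assumption)
    build_smb1(SMB_COM_TRANSACTION2_SECONDARY, words=b"\x00" * 18, data=b"A" * 64, tid=TID, uid=UID),
]
PING_REPLY_DOUBLEPULSAR = build_smb1(SMB_COM_TRANSACTION2, words=b"\x00" * 20, flags=SMB_FLAGS_REPLY,
                                     tid=TID, uid=UID, mid=DOUBLEPULSAR_REPLY_MID)
PING_REPLY_NORMAL = build_smb1(SMB_COM_TRANSACTION2, words=b"\x00" * 20, flags=SMB_FLAGS_REPLY,
                               tid=TID, uid=UID, mid=0x41)

WANNACRY_LIKE = EXPLOIT_FRAMES + [PING_REPLY_DOUBLEPULSAR]  # exploit plus DoublePulsar
CUSTOM_PAYLOAD = EXPLOIT_FRAMES + [PING_REPLY_NORMAL]       # exploit, implant removed
BENIGN = [nt_transact_request(512, tid=1, uid=1),
          build_smb1(SMB_COM_TRANSACTION2, words=b"\x00" * 20, flags=SMB_FLAGS_REPLY, tid=1, uid=1)]

if __name__ == "__main__":
    for name, session in [("WannaCry-like", WANNACRY_LIKE), ("custom payload", CUSTOM_PAYLOAD),
                          ("benign", BENIGN)]:
        print(f"{name}: DoublePulsar rule={doublepulsar_rule_fires(session)} "
              f"exploit rule={exploit_rule_fires(session)}")
```

The state in `scan` is keyed on the (tid, uid) pair so that an unrelated TRANSACTION2_SECONDARY on another tree does not trigger the exploit rule; a production version would key on the TCP 4-tuple as well and would also check the Trans2 subcommand in the ping request rather than only the reply MID.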


Network World Security