Chinese cybersecurity entities are accusing the U.S. National Security Agency (NSA) of orchestrating a multi-year cyber espionage campaign against Northwestern Polytechnical University (NPU), a leading Chinese institution specializing in aerospace and defense research. The allegations, published by organizations such as Qihoo 360 and the National Computer Virus Emergency Response Center (CVERC), claim that the NSA’s Tailored Access Operations (TAO) unit, referred to as “APT-C-40” by Chinese sources, conducted the attack in 2022. The university disclosed the breach in June 2022, reporting phishing emails targeting staff and students as the initial vector.
According to Chinese investigators, the NSA allegedly deployed over 40 malware strains and leveraged zero-day vulnerabilities to gain access. Tools such as NOPEN and SECONDDATE, previously linked to the NSA, were reportedly used to establish persistence and intercept network traffic. Chinese cybersecurity firms attribute the attack to the NSA based on forensic analysis and operational patterns, noting that nearly all attack activity occurred during U.S. business hours, with no activity on weekends or U.S. holidays. A misconfigured script also revealed directory paths linked to TAO’s tools, including a Linux directory associated with NSA operations.
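The working-hours argument above can be tested mechanically against any set of event timestamps. The sketch below is an added example, not code from the cited reports: it scores each candidate UTC offset by how much activity falls inside a Monday-to-Friday working day. The event data, the 09:00-17:00 window, the one-entry holiday list and the use of fixed offsets (no daylight-saving handling) are all assumptions made for illustration.

```python
from datetime import date, datetime, timedelta, timezone

BUSINESS_HOURS = range(9, 17)          # 09:00-16:59 local, an assumed working day
HOLIDAYS = {date(2022, 5, 30)}         # constructed list: U.S. Memorial Day 2022


def profile(events_utc, offset_hours, holidays=HOLIDAYS):
    """Summarise how events fall on the calendar of one candidate UTC offset."""
    tz = timezone(timedelta(hours=offset_hours))
    stats = {"business": 0, "weekend": 0, "holiday": 0, "off_hours": 0}
    for ts in events_utc:
        local = ts.astimezone(tz)
        if local.weekday() >= 5:
            stats["weekend"] += 1
        elif local.date() in holidays:
            stats["holiday"] += 1
        elif local.hour in BUSINESS_HOURS:
            stats["business"] += 1
        else:
            stats["off_hours"] += 1
    stats["business_ratio"] = stats["business"] / len(events_utc) if events_utc else 0.0
    return stats


def rank_offsets(events_utc, offsets=range(-12, 15)):
    """Return (offset, business_ratio) pairs, best-fitting offset first."""
    scored = [(off, profile(events_utc, off)["business_ratio"]) for off in offsets]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def constructed_events():
    """Constructed sample: hourly activity, Mon-Fri 09-16 at UTC-5, none on the holiday."""
    events, day = [], date(2022, 5, 23)
    local_tz = timezone(timedelta(hours=-5))
    for _ in range(14):
        if day.weekday() < 5 and day not in HOLIDAYS:
            for hour in BUSINESS_HOURS:
                local = datetime(day.year, day.month, day.day, hour, tzinfo=local_tz)
                events.append(local.astimezone(timezone.utc))
        day += timedelta(days=1)
    return events


if __name__ == "__main__":
    for offset, ratio in rank_offsets(constructed_events())[:3]:
        print(f"UTC{offset:+d}: {ratio:.0%} of events in business hours")
```

Timestamps can be shifted deliberately, so a clean fit to one offset is supporting evidence to weigh alongside tooling and infrastructure overlaps rather than a conclusion on its own.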