BEIJING: China has identified the U.S. National Security Agency (NSA) personnel responsible for the cyberattacks on China’s Northwestern Polytechnical University while analyzing a piece of spyware, according to the latest technical analysis by China’s National Computer Virus Emergency Response Center (CVERC) in collaboration with internet security company 360, China Media Group (CMG) reported on Thursday.
According to the analysis, the spyware, dubbed SecondDate, is a cyber-espionage weapon developed by the NSA. It is able to carry out malicious activities such as eavesdropping and interception of network traffic, man-in-the-middle attacks, and the insertion of malicious code. When combined with other malware, it can facilitate complicated network espionage activities. During the investigation of the cyberattack, the CVERC has successfully extracted multiple samples of the spyware and locked down the identity of the NSA staff behind the cyber espionage operation.
SecondDate is a highly sophisticated cyber-espionage tool that allows attackers to fully take control of the targeted network devices and the network traffic passing through these devices, Du Zhenhua, a senior engineer at the CVERC, told CMG.
“That enables long-term data theft from hosts and users in the target network, and at the same time, it serves as a ‘forward base’ for the next stage of attacks, allowing for more cyberattack weapons [to be] delivered into the target network at any time,” said Du. The spyware can be widely applied as it supports various operating systems, including Linux, FreeBSD, Solaris and JunOS, and is compatible with a wide range of architectures.
It is usually used along with various tools of the NSA’s Office of Tailored Access Operations (TAO) for exploiting vulnerabilities in network devices, such as firewalls and routers, said Du. “Once a vulnerability attack is successful, the attacker obtains control over the target device and can implant the cyber-espionage software into the target.”

–The Daily Mail-GGTN news exchange item