China claims that America’s National Security Agency used sophisticated cyber tools to hack into an elite research university on Chinese soil. The attack allegedly targeted the Northwestern Polytechnical University in Xi’an (not to be confused with a California school of the same name), which is highly ranked in the global university index for its science and engineering programs.
The U.S. Justice Department has referred to the school as a “Chinese military university that is heavily involved in military research and works closely with the People’s Liberation Army,” painting it as a reasonable target for digital infiltration from an American perspective.
China’s National Computer Virus Emergency Response Centre (CVERC), a kind of digital defence agency equivalent to America’s CISA, recently published a report accusing the NSA of being behind the hacking incident. According to CVERC, the school was hacked by members of the Tailored Access Operations group (TAO) — an elite team of NSA hackers that specialises in clandestine intrusions. TAO, which first became publicly known back in 2013, helps the U.S. government break into networks all over the world for the purposes of intelligence gathering and data collection.
In this particular case, the unit appears to have used a host of hacking tools (41, to be exact) to break into Northwestern Polytechnical and steal data. One such tool, dubbed “Suctionchar,” is said to have helped infiltrate the school’s network by stealing account credentials from remote management and file transfer applications to hijack logins on targeted servers. The report also mentions the exploitation of Bvp47, a backdoor in Linux that has been used in previous hacking missions by the Equation Group — another elite NSA hacking team.
According to CVERC, traces of Suctionchar have been found in many other Chinese networks besides Northwestern’s, and the agency has accused the NSA of launching more than 10,000 cyberattacks on China over the past several years.
On Sunday, the allegations against the NSA were escalated to a diplomatic complaint. Yang Tao, the director-general of American affairs at China’s Ministry of Foreign Affairs, published a statement affirming the CVERC report and claiming that the NSA had “seriously violated the technical secrets of relevant Chinese institutions and seriously endangered the security of China’s critical infrastructure, institutions and personal information, and must be stopped immediately.”
You can see why this would be upsetting. A geopolitical foe stealing your secrets is no government’s idea of a good time. On the other hand, it’s not exactly like China has a blameless track record when it comes to cyber-espionage. Since 2020, the U.S. has accused the Chinese of digitally infiltrating American phone networks, state governments, manufacturing firms, the private accounts of American journalists, and Microsoft, among many other targets. In short: China might be sorta calling the kettle black on this one.