China on Tuesday released investigation reports to disclose details of cyber attacks on a Chinese university launched by the U.S. National Security Agency (NSA).
According to China's National Computer Virus Emergency Response Center (CVERC), 41 types of cyber weapons were used by the NSA-affiliated Tailored Access Operations (TAO) Office in the recently exposed cyber attacks against China's Northwestern Polytechnical University.
Among them, the sniffing and stealing cyber weapon "Suctionchar" is one of the most direct culprits that led to the theft of a large amount of sensitive data, the CVERC said.
Being highly stealthy and adaptable to environment, "Suctionchar" can steal accounts and passwords of a variety of remote management and file transfer services on target servers, according to the report released by the CVERC in collaboration with cybersecurity company Beijing Qi'an Pangu Laboratory Technology Co., Ltd.
Technical analysis shows that "Suctionchar" can effectively work with other cyber weapons deployed by the NSA, the CVERC cited experts on cybersecurity as saying.
"Suctionchar" can be delivered by the TAO to target servers with the help of the "Acid Fox" vulnerability attack weapon platform, the NOPEN Trojan and other cyber weapons featuring vulnerability attacks and persistent control over infected devices, experts noted.
It is found that "Suctionchar" can run stealthily on target servers, monitor in real time users' input on the terminal program of the operating system console, and intercept all kinds of user names and passwords.
Once obtained by the TAO, these user names and passwords can be used to access other servers and network devices to steal files or deliver other cyber weapons, the experts said.
In the TAO's cyber attacks against the Chinese university, "Suctionchar" was found to have worked together with other components of the Bvp47 Trojan program, a top-tier weapon of the hacking Equation Group of the NSA.
According to a separate report released by the Pangu Laboratory Tuesday, the Bvp47 has been deployed to hit targets in 45 countries and regions around the world over a time span of more than 10 years.
The United States has launched indiscriminate cyber attacks around the world, rather than selectively targeting countries it deems strategic competitors, the laboratory said.
According to the laboratory, 64 systems in China were hacked by the Bvp47, making the country the biggest victim of the latest exposed cyber attacks, followed by 32 systems in Japan, 30 in the Republic of Korea, and 16 in Germany.