5 October 2022

China Says U.S. Hacked University With 'Drinking Tea' Cyber-Sniffing Weapon

ED BROWNE 

Chinese cybersecurity experts have accused the U.S. National Security Agency (NSA) of launching cyberattacks on a university in northwest China with a malware program known as "drinking tea."

The alleged cyberattacks were said to have targeted the Northwestern Polytechnical University in China's Shaanxi Province—an institution known for aerospace and navigation research.

Specifically, the NSA group accused of carrying out the attacks is the Office of Tailored Access Operations (TAO), which is the NSA's cyber-warfare and intelligence-gathering unit.

The cyberattacks were announced by the university in June after emails were sent to students and teachers that contained malicious software intended to steal their personal data.

The emails reportedly contained Trojan horse programs, which appear to be normal computer programs but are actually intended to compromise the system once downloaded or run.

Investigations were launched by China's National Computer Virus Emergency Response Center alongside other cybersecurity groups, according to state news outlet Global Times, which cited an unnamed source.

Global Times reports that deeper analysis revealed that one of the malicious programs used in the attacks was known as "drinking tea", which can steal information such as account passwords and transfer files remotely. The program is difficult to find since it disguises itself as a normal background process.

The cybersecurity experts accused TAO of erasing system logs to avoid tracking, controlling the monitoring system of infrastructure operators, and collecting data on people with sensitive identities and sending this data back to the U.S.

Global Times reported that no cyberattacks were launched on Saturdays or Sundays or on major American holidays.

The NSA declined to comment on the reports when contacted by Newsweek.

China often accuses the U.S. of carrying out cyber-attacks. In February, the Beijing-based Qi An Pangu cybersecurity lab, which also assisted in the TAO investigation, reported that the NSA had been engaged in decade-long cyberattacks against 45 countries including U.S. allies such as the U.K.

Hua Chunying, spokesperson for China's Ministry of Foreign Affairs, told a press briefing at the time: "We express grave concern over the irresponsible, malicious cyber activities exposed by the report and strongly urge the U.S. to offer an explanation and immediately stop such activities.

"China will take necessary measures to uphold China's cybersecurity and interests."

In July last year, the U.S. accused China of conducting a global cyber-espionage campaign which Secretary of State Antony Blinken called "a major threat to our economic and national security." Beijing rejected the accusations.

No comments: