Three months after US security agencies warned that Chinese-backed hackers had been targeting “major telecommunications companies and network service providers” for over two years, Chinese state media on Thursday accused the National Security Agency (NSA) of infiltrating a government-funded university and gaining access to ‘China’s telecommunications network,’ CNBC reports.
Citing an unnamed source, the Global Times accused the NSA of using phishing – a hacking technique which uses malicious links or other methods to trick users into providing access credentials – to gain access to Northwestern Polytechnical University, where the agency allegedly stole “core technology data including key network equipment configuration, network management data, and core operational data,” along with other files.
The report goes on to claim that the NSA infiltrated Chinese telecom operators in an effort to “control the country’s infrastructure.”
The Global Times, citing its unnamed source, reported that more details about the attack on Northwestern Polytechnical University will be released soon.
For several years, China has accused the U.S. of cyberattacks but has not been specific. However, in the last few weeks, Beijing has been more vocal in attributing particular attacks to the U.S., in a ramping up of tensions between the two nations in the cyber sphere. -CNBC
The alleged attack was discovered several weeks ago by China’s National Computer Virus Emergency Response Center, which also accused the US of engaging in “tens of thousands” of cyberattacks on Chinese targets.
Conversely, the US has accused China of massive hacking operations – with FBI Director Christopher Wray claiming in February that Beijing’s cyberattacks have become “more brazen, more damaging, than ever before,” in their attempts to steal US information and technology.
In June, US security agencies warned that Chinese-backed hackers had been targeting “major telecommunications companies and network service providers” since 2020.
In a June 7 cybersecurity advisory, they urged those affected to take immediate remedial action.
The advisory, coauthored by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), said the hackers “continue to exploit publicly known vulnerabilities,” using tactics to bypass defenses and remain undetected.
The agencies pointed out that the hackers allegedly utilized open-source tools, such as RouterSploit and RouterScan, and known software flaws in networking devices such as routers.
“[T]hese devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of Internet-facing services and endpoint devices,” noted the agencies.
The agencies did not identify the victim companies in the advisory, but they included a list of the common vulnerabilities and exposures (CVEs) most frequently exploited by the Chinese regime’s hackers since 2020, together with vulnerability types and the major vendors—Cisco, Citrix, D-Link, Fortinet, and Netgear.
They urged potential victims to shore up their networks by applying immediate patches, updating infrastructure, and disabling unnecessary ports and protocols.