A possible US cyberattack targets Chinese information systems


A Trojan horse program allegedly planted by the United States National Security Agency has been discovered in hundreds of key information systems in China. An information leak may have already happened, a leading cybersecurity expert said on Wednesday.

In a report published Wednesday by the WeChat public account of internet security firm 360 Security Group, the Trojan program’s “validator” was described as an “advanced troop in US cyberattacks on China.” It was first discovered in a key information system of a Chinese research institute.

According to files leaked by former NSA contractor Edward Snowden, the validator is part of a backdoor access system under the NSA’s FoxAcid cyberattack platform.

The Trojan implant provides unique backdoor access to targeted computers. The program, which can be deployed remotely, targets Windows operating systems from Windows 98 to Windows Server 2003.

Once the validator has successfully compromised a computer, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure it remains compromised for the long term and continues to deliver wiretap information to the NSA, a subsidiary of the US Department of Defense.

Upon discovering the validator, 360 launched a nationwide screening. The results showed that different versions of the validator have long existed in hundreds of key information systems in China. Additionally, possible leaks may have already occurred, the company said in the report.

It added that the validator may still work on some computers and continue to send key information back to the NSA.

Also on Wednesday, China’s National Computer Virus Emergency Response Center said in an analysis posted on its official website that a number of Chinese research institutes have found validator traces, meaning that they could have become the target of an NSA cyberattack.

Additionally, special FoxAcid servers have been set up to carry out attacks specifically targeting China and Russia, according to the analysis.

Currently, FoxAcid remains a key cyberattack platform for Tailored Access Operations, the cyberwarfare intelligence agency under the NSA, to conduct cyberespionage operations against other countries, it added.

The center warned that governments, research institutes and companies in other countries should also watch out for FoxAcid, which can attack any computer connected to the Internet. Besides stealing information, such attacks could also cripple key information systems.

