Jun 29, 2022, 01:33 am
Written by Zhao Siwei
Published: June 29, 2022
China's official virus emergency response office and leading cybersecurity company on Wednesday disclosed a new vulnerability attack weapon platform deployed by the US National Security Agency (NSA), which cybersecurity experts believe is the main equipment of the NSA's computer network hacking operation team, and its targets cover the world with the focus on China and Russia.
The US move raised wide suspicions that the country might be preparing for a bigger cyberwar, experts noted.
Recently, a number of Chinese research institutions have found traces of activity of the validator Trojan. A report the Global Times obtained from Internet Security Company 360 on Wednesday shows "validator" is a small embedded Trojan that can be deployed remotely or manually on any Windows operating system, from Windows 98 to Windows Server 2003.
At the same time, it has a 24/7 online operation capability, allowing NSA system operators and data thieves to upload and download files, remotely run programs, obtain system information, forge IDs and self-destruct in emergency situations. The weapon allows the NSA to collect information about the environment of a targeted system, while also enabling the installation of more sophisticated Trojans, the report shows.
Earlier, the company discovered that the NSA had used a series of cyber weapons to launch continuous attacks against government agencies, important organizations and information infrastructure targets in countries around the world, including China. During the attack, the NSA would implant backdoor programs represented by "validator," which could be hidden in the internet terminals of target users for a long time, and then launch more complex network attacks through these backdoor programs.
The Trojan is believed to be the default version of the NSA's "Acid Fox" attack weapon. This indicates that the Chinese research institutes mentioned above were subjected to cyberattacks by the NSA's Acid Fox vulnerability attack weapon platform.
According to the report, the Acid Fox platform is an important infrastructure for the Tailored Access Operations (TAO), the cyber warfare intelligence agency under the NSA, to carry out cyber espionage operations against other countries, and has become the main equipment of the US' Computer Network Intrusion Operation Team (CNE).
The weapon platform is mainly used to break through the host system located in the office intranet of the victim, and implant various Trojan horses and backdoors into it to realize persistent control. The Acid Fox platform uses a distributed architecture, consisting of multiple servers, and classifies tasks according to task types, including phishing, man-in-the-middle attacks, post-penetration maintenance, etc.
Notably, the server numbered XS11 was explicitly assigned to GCHQ, the British intelligence agency, to conduct man-in-the-middle cyberattacks. In addition, TAO has dedicated servers for targets in China and Russia.
An expert from China's National Computer Virus Emergency Response Center told the Global Times on condition of anonymity on Wednesday that the "Acid Fox" platform will detect the software and hardware environments of target hosts before exploiting the vulnerability. The platform's rule profile disclosed in the report shows that the weapon explicitly targets computer anti-virus software in China and Russia for "technical confrontation."
In addition, the US has deployed cyber espionage servers targeting China and Russia on the internet to implant malicious programs and steal intelligence, the expert said.
In order to maintain its cyber hegemony, the US has been monitoring the world. As recently as June 1, NSA Director and Cyber Command head Gen Nakasone confirmed that the US had launched a series of offensive cyber operations against Russia in support of Ukraine amid the conflict between Russia and Ukraine.
While conducting espionage against global targets, the US also spares no effort to perform "a thief shout to catch a thief," tying its so-called allies to trumpet the "China threat" theory, slander China's network security policy and international economic and cultural exchange plans, the expert said, slamming the country for cracking down on Chinese companies and news media operating legally abroad and even inciting antagonism among the people, and encouraging so-called hackers to launch cyberattacks on foreign targets.
https://www.globaltimes.cn/page/202206/1269300.shtml