Chinese cybersecurity authorities have alleged that the U.S. National Security Agency (NSA) breached Northwestern Polytechnical University (NPU), a leading institution in aerospace and defense research, in a multi-year cyber espionage campaign. According to joint reports published on February 18, 2025, by China’s National Computer Virus Emergency Response Center (CVERC) and cybersecurity firm Qihoo 360, the NSA’s Tailored Access Operations (TAO) unit, labeled “APT-C-40” by Chinese analysts, deployed over 40 bespoke malware strains to infiltrate NPU’s networks between 2020 and 2022. While independent verification remains pending, the disclosure highlights the escalating tensions in cross-border cyber operations and underscores the vulnerability of network edge systems to state-sponsored exploitation.

The attackers allegedly gained initial access by compromising Solaris-based servers in China’s neighboring countries using SHAVER, an automated exploitation tool targeting x86/SPARC systems with RPC services. Forensic analysis revealed that TAO operators leveraged SECONDDATE, a network surveillance tool installed on border routers and firewalls, to intercept and redirect internal traffic to the NSA’s FOXACID platform. FOXACID, a browser exploitation framework linked to Snowden-era disclosures, fingerprinted victims’ devices and delivered zero-day payloads when users accessed platforms like Bilibili. Data exfiltration relied on OPERATION BEHIND ENEMY LINES, a toolkit that encrypted stolen files (staged under var/tmp/.2e434fd8aeae73e1/erf/out/f/) before routing them through 54 proxy servers across 17 countries, including Sweden, Japan, and Mexico.
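The one host-side artifact the report names is the staging directory under var/tmp with a hidden, hex-named top level. A defender can turn that pattern into a quick hunting check: walk a temp directory, flag hidden directories whose name is a hex string, and count the files beneath each one. The script below is an added example written for this article, not tooling from CVERC, Qihoo 360 or the report itself; the regex (8 to 32 hex characters after the leading dot) is an assumption generalized from the single path given, and the sample tree it scans is constructed in a temporary directory so it runs offline.

```python
"""Hunt for hidden, hex-named staging directories of the kind the report
describes (e.g. var/tmp/.2e434fd8aeae73e1/erf/out/f/).
Added example; not code from the report or from either vendor."""
import re
import shutil
import tempfile
from pathlib import Path

# Assumption: a hidden directory whose name after the dot is 8-32 hex chars.
# The report gives one 16-char example; the range is a generalization.
HEX_HIDDEN_DIR = re.compile(r"^\.[0-9a-f]{8,32}$")


def find_hidden_hex_staging(root):
    """Return a sorted list of (dir_path, file_count) for hidden hex-named
    directories directly under `root`, counting regular files anywhere
    beneath each one. `root` stands in for /var/tmp on a real host."""
    findings = []
    root = Path(root)
    if not root.is_dir():
        return findings
    for entry in root.iterdir():
        if entry.is_dir() and HEX_HIDDEN_DIR.match(entry.name):
            count = sum(1 for p in entry.rglob("*") if p.is_file())
            findings.append((str(entry), count))
    return sorted(findings)


def build_sample_tree():
    """Construct a throwaway tree mimicking the staging layout in the report,
    plus benign entries that must not be flagged. Returns the temp root."""
    root = tempfile.mkdtemp(prefix="vartmp_sample_")
    staging = Path(root) / ".2e434fd8aeae73e1" / "erf" / "out" / "f"
    staging.mkdir(parents=True)
    for i in range(3):
        # Placeholder blobs standing in for the encrypted stolen files.
        (staging / f"chunk{i}.bin").write_bytes(b"\x00" * 16)
    # Benign: an ordinary hidden dir (name is not hex) and a visible dir.
    (Path(root) / ".cache").mkdir()
    (Path(root) / ".cache" / "x").write_text("ok")
    (Path(root) / "sockets").mkdir()
    return root


def demo():
    """Build the sample tree, scan it, clean up, and return the findings."""
    root = build_sample_tree()
    try:
        return find_hidden_hex_staging(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for path, n_files in demo():
        print(f"suspicious hidden staging dir: {path} ({n_files} files)")
```

On a live host, point `find_hidden_hex_staging` at `/var/tmp` (and `/tmp`, `/dev/shm`) and pair the hit with file modification times and the owning process if one is still running; a hex-named hidden directory is not proof of compromise on its own, only a lead worth triaging.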
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 21 Feb 2025 16:25:13 +0000