Summary: A Chinese cybersecurity report claims that the U.S. NSA was behind a significant cyberattack on Northwestern Polytechnical University in 2022, using various advanced malware and tactics. The report details specific tools and methods allegedly employed by the NSA’s Tailored Access Operations division, linking the attack to previous NSA operations. However, the veracity of these claims remains unverified by independent sources.
Affected: Northwestern Polytechnical University
Keypoints:
- NSA’s elite hacking unit, TAO, reportedly used over 40 malware strains in the attack.
- Link to NSA established through forensic analysis, timing, and infrastructure tracing.
- Notable tools include SHAVER, FOXACID, and OPERATION BEHIND ENEMY LINES, aimed at data exfiltration and stealth access.
- Analysts identified 41 different malware samples, including many matching those leaked by the Shadow Brokers.
- The attack was characterized by strong persistence methods, targeting edge network devices for long-term access.