FEBRUARY 24, 2022
The United States government has been accusing China and some other countries of sponsoring cyber-espionage for years. But now, a Chinese cybersecurity firm has accused America’s National Security Agency (NSA) of being behind a hacking tool that targeted several countries and institutions, including India’s Banaras Hindu University, the India Education Network and the Indian Academy of Sciences.
This report, released by Beijing-based Qi’an Pangu Lab, says: “Over 287 targets in 45 countries affected, lasting for over a decade.”
This recently released report looks into malware discovered by researchers at Pangu Lab in 2013 during an investigation into a cyberattack on a significant domestic department.
According to the report, the researchers couldn’t figure out who was behind the hack at first, but after leaked data about the hacking group Equation Group—widely assumed to be the NSA—was released by a group called Shadow Brokers and the German magazine Der Spiegel, they were able to connect the dots and realised that it was the NSA.
The investigation revealed that the many methods and attack operation guides highlighted by “Shadow Brokers” are identical to the lone identifier used in the NSA network attack platform operation manual published by former CIA analyst Edward Snowden in the “Prism” incident in 2013.
The report claimed that, given the United States government’s prosecution of Snowden on three counts of “spreading national defence information without permission and intentionally spreading confidential information”, it can be determined that the documents published by “Shadow Brokers” are indeed the NSA’s, which can fully prove that “The Equation Group” belongs to the NSA, i.e., Bvp47 is the top-tier backdoor of the NSA.
While referring to the name of the tool the researchers found, the report noted: “The Equation Group is the world’s leading cyber-attack group and is generally believed to be affiliated with the NSA of the United States. Judging from the attack tools related to the organisation, including Bvp47, Equation group is indeed a first-class hacking group.”
“The tool is well-designed, powerful and widely adapted. Its network attack capability equipped by zero-day vulnerabilities was unstoppable and its data acquisition under covert control was with little effort. The Equation Group is in a dominant position in national-level cyberspace confrontation,” the report added.
According to the report, the list of victims of the attack, which lasted for more than 10 years, includes domain names across the world, for example in Germany, Russia, South Korea, Japan, Sweden, Spain, the United Kingdom and Italy, as well as several institutions from Taiwan and mainland China.
Some of the targeted domain names are from the United States.
Furthermore, one victim in Japan was found to be in use as a jump server for additional attacks, the report claimed.
Needless to say, over the years not only the United States but also several other countries have accused Beijing-backed hackers of cyberespionage.
Cyberattacks linked to China have targeted a number of international institutions. There are also reports accusing Chinese hackers of targeting Indian agencies.
For example, last year, it was reported that Chinese state-sponsored hackers were suspected of infiltrating and stealing data from an Indian government agency in charge of a national identification database as well as one of the country’s largest media organizations. But as with previous allegations, China’s Foreign Ministry denied it.
However, the latest analysis by Pangu Lab could indicate that Chinese cybersecurity firms are beginning to follow in the footsteps of their Western counterparts by performing greater attribution.
Regarding the report, China’s Foreign Ministry Spokesperson Hua Chunying said in the latest press conference: “We express grave concern over the irresponsible, malicious cyber activities exposed by the report and strongly urge the US to offer an explanation and immediately stop such activities. China will take necessary measures to uphold China’s cybersecurity and interests.”
“The American intelligence law allows the United States government to carry out massive and indiscriminate information and data theft, including on its allies. The revelations from this report show that besides China and other major developing countries in Asia, Africa and Latin America, the United States doesn’t even spare its allies and partners, and its cyber attacks even cover its European allies, its fellow members of the Quad and the Five Eyes,” she noted.