Beijing says it uncovered US National Security Agency operatives behind cyberattack on Chinese university

Name: ‘Stop stealing’: China condemns US over Trojan horse cyberattacks on state-funded university
Uploaded: 2023-09-14T05:05:31.000Z
Duration: 2 min 4 s
Description: ‘Stop stealing’: China condemns US over Trojan horse cyberattacks on state-funded university

‘Second Date’ software used in Northwestern Polytechnical University attack is potent cyber espionage tool developed by US agency, says state media

After global tracing, Chinese team reportedly found ‘thousands of network devices’ across the country still infected by the spyware and its derivatives

Reading Time:2 minutes

Why you can trust SCMP

China’s Ministry of State Security says foreign spies aim for China’s critical information infrastructure, universities, scientific research institutions, large enterprises, hi-tech companies and other institutions as well as individuals. Photo: Shutterstock

William Zheng

Published: 1:05pm, 14 Sep 2023Updated: 3:21pm, 14 Sep 2023

China says it has identified US National Security Agency operatives while investigating a recent cyberattack on Northwestern Polytechnical University, as its top spying and anti-espionage agency vowed on Thursday to root out all “digital spies”.

The revelation came just three days after Beijing released more details about John Shing-wan Leung, a Hong Kong permanent resident and US citizen the Chinese Ministry of State Security said posed as a philanthropist while snooping for information. He was jailed for life for espionage in May, two years after his arrest in China.

John Shing-wan Leung, 78, was arrested in China in April 2021. Photo: Alliances for China’s Peaceful Reunification, USA

State broadcaster CCTV said on Thursday that China’s National Computer Virus Emergency Response Centre, with help from Chinese antivirus company 360 Total Security, had discovered the identity of the National Security Agency (NSA) operative or operatives – the broadcaster did not specify how many or name them – after it extracted “multiple samples” of a spyware called “Second Date”.

It said the spyware was used in the cyberattack on Northwestern Polytechnical University in Shaanxi province.

02:04

‘Stop stealing’: China condemns US over Trojan horse cyberattacks on state-funded university

The report said technical analysis showed that Second Date was a cyberespionage weapon developed by the NSA to sniff out and hijack network traffic and insert malicious codes.

Quoting senior engineer at the National Computer Virus Emergency Response Centre Du Zhenhua, it said software was a potent cyberespionage tool that enabled attackers to take control of target network devices and the data traffic flowing through them, and use them as a “forward base” for the next stage of attacks. It could run on various operating systems and was compatible with multiple architectures.