China has reportedly determined the identities of the US National Security Agency (NSA) employees responsible for cyber-attacks on the Polytechnic University of China. This revelation came from the National Emergency Situations Center with Computer Viruses of China (CVRC) and IB-Companion 360. The Chinese media group (CMG) reported on these findings based on technical analysis.
The analysis revealed that the NSA has developed spy software called Seconddate, which acts as a cyber weapon. This malicious software can intercept network traffic and carry out man-in-the-middle (MITM) attacks. It can also introduce malicious code. When combined with other malicious programs, Seconddate enables complex spying actions throughout the network.
During the investigation of the CIBRC cyber attack, the CVRC removed various samples of espionage software and successfully identified the NSA employees involved in this cyberspy operation. According to the CVRC, Seconddate is an advanced tool that allows attackers to fully control target network devices and the network traffic passing through them.
Furthermore, the researchers found that this spy software can be used widely as it supports various operating systems including Linux, FreeBSD, Solaris, and Junos. It is also compatible with multiple architectures.
According to the report, Seconddate and its derivative versions are actively deployed in thousands of network devices across different countries. Most of the targeted NSA servers are located in Germany, Japan, South Korea, India, and Taiwan.
In related news, in June, the North-Western Polytechnic University was targeted by foreign hackers who sent phishing emails containing Trojan programs to both teachers and students. The aim of this attack was to steal their personal information and data. The police have described the attack as an attempt to trick the recipients into clicking on the malicious links in the phishing emails.