The mysterious hacker who attacked Northwestern Polytechnic University has been identified.

via: Sina Technology     time: 2023/9/14 13:02:14

The National Computer Virus Emergency Response Center and the company recently conducted a technical analysis of a spyware called "Second Date," which is a cyber espionage weapon developed by the National Security Agency (NSA), CCTV News reported on Sept. 14. It is understood that in the course of the investigation, conducted in conjunction with the National Computer Virus Emergency Response Center, into the cyber attack on Northwestern Polytechnic University by the National Security Agency (NSA), several samples of this spyware were successfully extracted and the true identity of the NSA staff behind this cyber espionage operation was identified.

According to the technical analysis report, the "Second Date" spyware is a cyber espionage weapon developed by the US National Security Agency (NSA). The software can perform malicious functions such as network traffic eavesdropping and hijacking, man-in-the-middle attacks, and malicious code injection, and it can carry out complex network espionage activities in cooperation with other malware.

Du Zhenhua, a senior engineer at the National Computer Virus Emergency Response Center, said that the software is a high-level network espionage tool that enables attackers to fully take over the attacked (target) network devices and the network traffic flowing through these network devices, so as to achieve long-term secret theft from hosts and users in the target network, and that it can also be used as a "forward base" for the next stage of attack, dropping more cyber attack weapons into the target network at any time.

According to experts, the "Second Date" spyware resides for long periods on network boundary devices such as gateways, border routers and firewalls. Its main functions include network traffic sniffing, network session tracking, traffic redirection and hijacking, traffic tampering, and so on. In addition, the "Second Date" spyware runs on a variety of operating systems and is compatible with a variety of architectures.

Du Zhenhua, a senior engineer at the National Computer Virus Emergency Response Center, said the spyware is usually used in conjunction with a variety of vulnerability attack tools for network devices such as firewalls and network routers from the Office of Tailored Access Operations (TAO). Once the vulnerability is successfully exploited and the attacker gains control of the target network device, the spyware can be implanted into that device.

The report shows that the National Computer Virus Emergency Response Center, 360 Company and industry partners have conducted technical investigations around the world. After tracing layers of sources, they found that thousands of network devices all over the world are still covertly running the "Second Date" spyware and its derivative versions, and found springboard servers remotely controlled by the US National Security Agency (NSA). Most of them are in Germany, Japan, South Korea, India and Taiwan.

Du Zhenhua, a senior engineer at the National Computer Virus Emergency Response Center, said that with the cooperation of multinational industry partners, the joint investigation has made a breakthrough. At present, the true identity of the relevant staff of the National Security Agency (NSA) who launched a cyber attack on Northwestern Polytechnic University has been successfully identified.

translate engine: Tencent
