Redian News

New evidence! The identity of the mysterious hacker behind the cyberattack on Northwestern Polytechnical University has been pinned down

Recently, the National Computer Virus Emergency Response Center (CVERC) and the company 360 published a technical analysis of a piece of spyware named SecondDate. According to the report, the software is a cyber espionage weapon developed by the US National Security Agency (NSA).


Image source: CCTV News


During the investigation of the cyberattack against Northwestern Polytechnical University (NPU), a leading Chinese aviation university, China has successfully extracted multiple samples of the spyware named SecondDate, and with the collaborative efforts of partners in various countries, the real identity of the US' National Security Agency (NSA) personnel responsible for launching the cyberattack on NPU has been successfully identified, Global Times learnt from National Computer Virus Emergency Response Center (CVERC) and Chinese internet security company 360 on Thursday.


In June 2022, NPU issued a public statement saying that it had been subjected to a cyberattack in which a hacker organization from overseas attempted to steal relevant data. Afterwards, China identified the mastermind behind this cyberattack as the Office of Tailored Access Operations (TAO, code S32) under the Data Reconnaissance Bureau (code S3) of the Information Department (code S) of the NSA.


According to internal NSA documents leaked by the group "Shadow Brokers", SecondDate is a cyber weapon developed by the NSA. It is primarily deployed on target network boundary devices such as gateways, firewalls and edge routers, where it covertly monitors network traffic and, as needed, selects specific network sessions for redirection, hijacking and tampering.


Image source: CCTV News


The latest information shows that, in the course of investigating the cyberattack on NPU, the CVERC and 360 successfully extracted multiple samples of the spyware and identified the true identity of the NSA personnel behind this cyber espionage operation.


The subsequent technical analysis found that the spyware is a highly sophisticated cyber espionage tool. Its developers must have a very deep grounding in network technology, and in network firewall technology in particular: the implant is almost equivalent to installing a content-filtering firewall and a proxy server on the target network device, allowing the attacker to take complete control of the device and of the network traffic passing through it. This enables long-term theft of secrets from other hosts and users in the target network, and lets the device serve as a "forward base" from which more cyberattack weapons can be delivered into the target network at any time.


The spyware is usually used together with TAO's various exploitation tools for firewall and router vulnerabilities: after an exploit succeeds and the corresponding privileges are obtained, the spyware is implanted into the target device. Its control model is split into a server side and a control side. The server side is deployed on the target network boundary device (gateway, firewall, edge router and the like) and monitors and filters all traffic in real time through a low-level driver. The control side triggers the activation mechanism by sending a specially crafted packet; the server side parses the call-back IP address from the activation packet and initiates a connection back to it. The network connection uses UDP, the communication is encrypted throughout, and the communication port is random. The control side can remotely configure the server side's working mode and hijacking targets, choosing any target within the network for a man-in-the-middle attack as required.
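A defender's check added here, not part of the report or of any analysis by CVERC or 360: because the call-back described above uses UDP on a random port with encrypted contents, a port or payload signature cannot catch it, but the gateway itself initiating an unexpected UDP flow shortly after an inbound packet reaches it is a behaviour that flow logs can show. The device address, the allow-list of legitimate UDP peers and the log line format are assumptions.

```python
# Added example: hunt for the pattern the report describes, a boundary device
# that itself opens a UDP flow to an unexpected peer right after an inbound
# packet reaches it. Addresses, allow-list and log format are constructed.
from collections import namedtuple
from datetime import datetime, timedelta

Flow = namedtuple("Flow", "ts src sport dst dport proto")
DEVICE_IP = "198.51.100.1"                      # constructed gateway address
# constructed allow-list of UDP peers the gateway legitimately initiates to
ALLOWED_UDP = {("198.51.100.53", 53), ("198.51.100.123", 123)}
CALLBACK_WINDOW = timedelta(seconds=60)         # assumed knock-to-callback gap

def parse_flow(line):
    # constructed format: "<ISO time> <src>:<port> -> <dst>:<port> <proto>"
    ts, src, _, dst, proto = line.split()
    s_ip, s_port = src.rsplit(":", 1)
    d_ip, d_port = dst.rsplit(":", 1)
    return Flow(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
                s_ip, int(s_port), d_ip, int(d_port), proto.lower())

def find_callbacks(flows):
    """Return (knock, callback) pairs: each UDP flow the gateway itself starts
    to a non-allow-listed peer, with the latest inbound packet that hit the
    gateway inside the window (None if there was none)."""
    flows = sorted(flows, key=lambda f: f.ts)
    hits = []
    for cb in flows:
        if cb.src != DEVICE_IP or cb.proto != "udp":
            continue                            # only flows the gateway starts
        if (cb.dst, cb.dport) in ALLOWED_UDP:
            continue                            # DNS, NTP and the like
        knocks = [f for f in flows
                  if f.dst == DEVICE_IP and f.src != DEVICE_IP
                  and cb.ts - CALLBACK_WINDOW <= f.ts <= cb.ts]
        hits.append((knocks[-1] if knocks else None, cb))
    return hits

SAMPLE_LOG = [  # constructed records, not real traffic
    "2023-09-14T10:00:00Z 198.51.100.1:53011 -> 198.51.100.53:53 udp",
    "2023-09-14T10:00:02Z 203.0.113.9:40111 -> 10.0.0.25:443 tcp",
    "2023-09-14T10:00:05Z 203.0.113.9:40112 -> 198.51.100.1:443 udp",
    "2023-09-14T10:00:09Z 198.51.100.1:48217 -> 203.0.113.77:41877 udp",
]

def detect(lines=SAMPLE_LOG):
    return find_callbacks([parse_flow(l) for l in lines])
```

A hit only says the gateway behaved as an initiator when it normally should not; confirming an implant still needs the device's firmware or memory to be examined.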


According to people familiar with the matter, the Chinese side and its industry partners conducted a technical investigation worldwide. Tracing the attack layer by layer, they found the spyware and its derivative versions still running covertly on thousands of network devices in multiple countries and regions, along with jump servers remotely controlled by the NSA; these countries and regions include Germany, Japan, South Korea, India and China's Taiwan region. "With the close cooperation of industry partners in multiple countries, our work has achieved a major breakthrough, and we have now identified the true identity of the NSA personnel who launched the cyberattack on NPU."


The successful extraction and tracing of the spyware samples further demonstrates China's determination to prevent and defend against cyberattacks by the US government and to safeguard global cyber security. Making the details of the US government's cyber crimes known to the world also shows that China has a "visible" foundation in cyber technology, which can more effectively help this country and others perceive risks, see threats and resist attacks, bringing state-backed hacker attacks out into the open.


People familiar with the matter told the Global Times that the real identities of the NSA personnel who carried out the cyberattack will be published through the media in due course. It is believed that this will once again draw global attention to the US government's indiscriminate cyberattacks on other countries.


Source: Global Times Online (huanqiu.com)

