Over the years, the US government has accused China of sponsoring cyberespionage. In a new report, a Chinese cybersecurity firm accused the National Security Agency (NSA) of creating a hacking program that attacked several countries and institutions, including India’s Banaras Hindu University and India Education Network.
Beijing-based Qi’an Pangu Lab released a report stating, ‘Over 287 targets in 45 countries were affected for over a decade’. This report examined malware that was discovered in 2013 during an investigation of a cyberattack on a significant domestic department. Researchers couldn’t figure out who was behind the hack at first, but after leaked data about Equation Group, widely believed to be the NSA, was released by Shadow Brokers and Der Spiegel, they were able to connect the dots and realize it was the NSA.
The investigation revealed that the multiple attack methods and attack operation guides detailed in the ‘Shadow Brokers’ leak match the identifier used in the NSA operation manual for its network attack platform, published by former CIA analyst Edward Snowden in the ‘Prism’ incident of 2013. The report alleged that, since Snowden was prosecuted for ‘spreading national defense information without permission and intentionally spreading confidential information’, it could be determined that the documents published by ‘Shadow Brokers’ are indeed from the NSA. This, it said, proves that ‘The Equation Group’ belongs to the NSA, that is, Bvp47 is the top-tier backdoor of the NSA.
The Equation Group is the world’s leading cyber-attack group, and it is often linked to the National Security Agency (NSA) of the United States. ‘Considering the attack tools associated with the group, including Bvp47, Equation Group does appear to be a first-class hacking group. The tool is well-designed, powerful, and widely used’. With zero-day vulnerabilities, its network attack capability was unstoppable, and acquiring data under covert control was simple. Equation Group has a dominant position in cyberspace confrontations on a national scale.
Reports indicate that many domain names have been affected by the attack, which lasted for over a decade. Targets in Germany, Russia, South Korea, Japan, Sweden, Spain, the United Kingdom, and Italy are among them, as are several institutions from Taiwan, as well as mainland China. There are also some United States-based domain names.
In addition, one Japanese victim is being used as a jump server for additional attacks. Several countries, including the United States, have accused Beijing-backed hackers of cyber espionage over the years. China has been behind cyberattacks against multiple international institutions. Indian agencies have also reportedly been targeted by Chinese hackers. Last year, state-sponsored hackers from China were suspected of infiltrating the national identity database of one of India’s largest media organizations and stealing its data. China’s Foreign Ministry denied that claim as well.
However, based on Pangu Lab’s latest analysis, Chinese cybersecurity firms may be beginning to follow in their western counterparts’ footsteps by performing greater attribution. China’s Foreign Ministry spokeswoman Hua Chunying stated in the latest press conference that she was deeply concerned about the irresponsible, malicious cyber activities exposed by the report, and she strongly urged the US to explain and halt all such activities immediately.
American intelligence law allows the United States government to steal massive amounts of data indiscriminately, even from allies. The report shows that, as well as China and other developing nations in Asia, Africa, and Latin America, the United States targets its allies and partners, and its cyber attacks reach even its European allies and its fellow members of the ‘Quad’ and the ‘Five Eyes’.