China’s National Computer Virus Emergency Response Center (CVERC), in a joint report with cybersecurity company 360 Group, has announced the discovery of what it calls “irrefutable evidence” of cyberattacks against a key national facility. The report alleges that the U.S. National Security Agency (NSA) conducted a long-running espionage campaign targeting China’s National Time Service Center (NTSC).

The NTSC, a part of the Chinese Academy of Sciences, is the agency responsible for maintaining and releasing China’s standard time. According to the report, the cyberattacks were carried out by the NSA’s Office of Tailored Access Operations (TAO).

Details of the Alleged Cyber Espionage Campaign

The CVERC and 360 Group report claims that the NSA’s TAO unit successfully established a clandestine channel into the internal network of the NTSC. The objective of this access was reportedly to steal sensitive data from the center’s key network equipment and servers. The attacks are described in the report as being both “secret and long-lasting.” The report further states that TAO conducts tens of thousands of malicious network attacks against targets within China annually.

Technical Evidence and Attributed Tools

The technical analysis within the report identifies the use of a Trojan horse program named “NOPEN” as one of the primary tools in the cyberattack. The attackers allegedly exploited vulnerabilities in the NTSC’s front-end servers to gain initial access. Through this access, they were able to control servers located at the NTSC headquarters in Lintong District, Xi’an. The stated goal was to gain control of core data servers to facilitate long-term monitoring. The joint report asserts that the evidence chain pointing to the NSA’s TAO is “clear, complete, and sufficient.”