Security report reveals extent of US' cyber espionage
China Daily

Photo: IC

A Trojan horse program believed to have been planted by the United States' National Security Agency has been found in hundreds of key information systems in China, and a possible information leak may have already occurred, a leading cybersecurity company said on Wednesday.

In a report published by the 360 Security Group's WeChat public account on Wednesday, the Trojan horse program "validator" is described as the vanguard troops in the US cyberattack against China. It was first extracted from the key information system of a research institute in China.

According to files leaked by former NSA contractor Edward Snowden, "validator" is a part of a backdoor access system under NSA's FOXACID cyberattack platform. The Trojan implant provides unique backdoor access to computers of targets of national interest, including but not limited to terrorists. The program, which can be deployed remotely, targets Windows operating systems from Windows 98 through Windows Server 2003.

Once the computer is successfully attacked by "validator", it secretly calls back to a FOXACID server which then performs additional attacks on the target computer to ensure it remains compromised long-term and continues to provide eavesdropping information back to the NSA, an affiliate of the US Department of Defense.

Upon the discovery of "validator", 360 launched a nationwide screening. Its findings show different versions of "validator" have existed in hundreds of key information systems in China for a long time .

It added "validator" may still be operating in some computers and continue to send key information back to NSA.

Also on Wednesday, China's National Computer Virus Emergency Response Center said in an analysis published on its official website a number of Chinese research institutions have found traces of "validator", which means they have become targets of the NSA's cyberattack.

What's more, special FOXACID servers have been set up to carry out attacks particularly targeting China and Russia, according to the analysis.

Currently, FOXACID remains a key cyberattack platform for Tailored Access Operations, the cyber warfare intelligence agency under the NSA, to carry out cyber espionage operations against other countries.

The center warned governments, research institutes and businesses in other countries should also watch out for FOXACID, which can attack any computer that is connected to the Internet. Besides information theft, such attacks can also paralyze key information systems whenever the US government chooses.