The real identities of the people who launched the cyberattack against China's Northwestern Polytechnical University for the United States National Security Agency have been discovered, according to a report published on Thursday.
The university, known for its programs in the fields of aeronautics, astronautics and marine technology engineering, contacted the police after its internal servers were attacked in April last year.
It found that phishing emails with Trojan horse programs, which pretended to be research reviews, invitations to academic events and opportunities to study abroad, were sent to teachers and students at the university in an attempt to steal their data and personal information.
Analysis of data collected from the servers, carried out with cybersecurity company 360, yielded many samples of SecondDate, malware developed by the NSA, the National Computer Virus Emergency Response Center said in the report. It's the latest evidence that the attack was carried out by the NSA.
"More importantly, we have discovered the real identities of those who launched the attacks against the university for the NSA," said Du Zhenhua, a senior engineer of the center. The center previously said that 13 people from the U.S. have been found to be directly involved in such attacks.
The sophisticated malware allows the attackers to fully take control of the infected servers so they can steal information for a long period of time. Also, it can help to implant other cyberattack weapons for future attacks, Du said.
Some core technical data of the university was stolen in those cyberattacks. The case has exposed the fact that the NSA has been carrying out cyber espionage activities in China for a long time, 360 said.
According to a report from the center in September last year, the Office of Tailored Access Operations, which is affiliated with the NSA, had launched thousands of attacks against the university using 41 tools, of which SecondDate was just one.
In the latest report, the center strongly advised government bodies, industry leaders, universities and research institutes to be on high alert at all times. Also, they need to be capable of handling cyberattacks backed by foreign governments.