
US spyware implant planted by NSA found in China

29.06.2022

A Trojan horse program believed to have been planted by the United States National Security Agency has been found in hundreds of key information systems in China, and a possible information leak may have already occurred, a leading cybersecurity company said on Wednesday.

The Trojan horse program, called validator, is the vanguard of the US cyberattack against China, according to a report released by the 360 Security Group's WeChat public account on Wednesday. It was extracted from the key information system of a research institute in China.

According to files leaked by former NSA contractor Edward Snowden, validator is part of a backdoor access system under the FOXACID cyberattack platform. The Trojan implant provides backdoor access to computers of targets of national interest, including but not limited to terrorists. The program, which can be deployed remotely, targets Windows operating systems from Windows 98 to Windows Server 2003.

Once a computer has been successfully compromised by validator, it secretly calls back to a FOXACID server, which then performs additional attacks on the target computer to ensure it remains compromised long-term and continues to send eavesdropped information back to the NSA, an affiliate of the US Department of Defense.

360 initiated a nationwide screening after the discovery of validator. Its findings show that validator has existed in hundreds of key information systems in China for a long time. It added that validator may still be in use on some computers and will continue to send key information back to the NSA.

In an analysis released on Wednesday, the National Computer Virus Emergency Response Center said that a number of Chinese research institutions have found traces of validator, which means they have become targets of the NSA's cyberattack.

Special FOXACID servers have been set up to carry out attacks, particularly targeting China and Russia, according to the analysis.

FOXACID is a key cyberattack platform used by Tailored Access Operations, the cyber warfare intelligence agency under the NSA, to carry out cyber espionage operations against other countries.

The center warned governments, research institutes and businesses in other countries to be aware of the dangers of FOXACID, which can attack any computer connected to the Internet. Besides information theft, such attacks can also affect key information systems when the US government chooses to do so.