Possible US cyberattack targets Chinese information systems

A Trojan horse program that is believed to have been planted by the United States National Security Agency has been found in hundreds of key information systems in China. The possible leak of information may have already occurred, a leading cybersecurity expert said on Wednesday.

In a report published by internet security company 360 Security Group's WeChat public account on Wednesday, the Trojan horse program "validator" was described as an "advanced troop in US cyberattacks against China". It was first discovered in a key information system of a Chinese research institute.

According to files leaked by former NSA contractor Edward Snowden, validator is part of a backdoor access system under NSA's FoxAcid cyberattack platform.

The Trojan implant provides unique backdoor access to targeted computers. The program, which can be deployed remotely, targets Windows operating systems from Windows 98 through Windows Server 2003.

Once the computer is successfully attacked by validator, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term, and continues to provide eavesdropping information back to the NSA, an affiliate of the US Department of Defense.

Upon the discovery of validator, 360 then launched a nationwide screening. Its result showed that different versions of validator had existed in hundreds of key information systems in China for a long period of time. Furthermore, possible leaks may have already occurred, the company said in the report.

It added that validator may still be operating in some computers and continuing to send key information back to the NSA.

Also on Wednesday, China's National Computer Virus Emergency Response Center said in an analysis published on its official website that a number of Chinese research institutions have found traces of validator, which means that they may have become the targets of an NSA cyberattack.

What's more, special FoxAcid servers have been set up to carry out attacks particularly targeting China and Russia, according to the analysis.

Currently, FoxAcid remains a key cyberattack platform for Tailored Access Operations, the cyberwarfare intelligence agency under the NSA, to carry out cyberespionage operations against other countries, it added.

The center warned that governments, research institutes and businesses in other countries should also watch out for FoxAcid, which can attack any computer that is connected to the internet. Besides information theft, such attacks could also paralyze key information systems.

cuijia@chinadaily.com.cn