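More details revealed! Foreign Ministry: The US must stop immediately
Sources: Xinhua News Agency, Global Times (Chinese edition), Global Times, Ministry of Foreign Affairs website, CCTV News, Beijing Qi An Pangu Lab official website    Author: 21ST   Date: 2022-09-14
Earlier this month, China's National Computer Virus Emergency Response Center and the company 360 each released an investigation report on the overseas cyberattack against Northwestern Polytechnical University. In recent days, relevant Chinese institutions released a further technical analysis report on the US National Security Agency cyber weapon "Suctionchar" (饮茶).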
 
At the Foreign Ministry's regular press conference yesterday afternoon (September 13), a reporter asked:
 
"After China’s National Computer Virus Emergency Response Center (CVERC) and cybersecurity company 360 released investigation reports on the cyberattacks on Northwestern Polytechnical University from the US National Security Agency (NSA), relevant Chinese authorities today released a technical analysis report on the NSA’s cyberweapon 'suctionchar', triggering much media attention. What is China’s comment?"
 
In response, Foreign Ministry spokesperson Mao Ning said:
 
"Relevant Chinese authorities today released analysis on the US NSA’s attack on Northwestern Polytechnical University using the cyberweapon, which disclosed more details and evidence."
 

Image source: Ministry of Foreign Affairs website

 

“China has asked the US via various channels to explain its malicious cyberattacks and immediately stop its unlawful behavior, but has yet to receive anything substantive from the US. I want to stress that the US behavior has seriously infringed on tech secrets of relevant Chinese institutions, and gravely undermined the security of China’s critical infrastructure, institutions and personal information. The US must immediately stop this and offer a responsible explanation.”
 
The "culprit": the sniffing and secret-stealing tool "Suctionchar"
 
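According to CCTV News, on September 5 the National Computer Virus Emergency Response Center and 360 each released an investigation report on the overseas cyberattack against Northwestern Polytechnical University. The investigation found that the attacker in the overseas cyberattack the university had earlier reported was the Office of Tailored Access Operations (TAO) under the US National Security Agency (NSA).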

 
The National Security Agency of the United States is responsible for the cyberattack on the e-mail system of Northwestern Polytechnical University in Xi'an, Shaanxi province, China's National Computer Virus Emergency Response Center reported on Sep 5, following the conclusion of the initial investigation.
 
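According to Xinhua News Agency, on September 13 the National Computer Virus Emergency Response Center released the "Analysis Report on the US NSA Cyber Weapon 'Suctionchar'" (hereinafter "the Report").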
 
On Tuesday, China released investigation reports to disclose details of cyber attacks on a Chinese university launched by the U.S. National Security Agency (NSA).
 
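This latest investigation report makes public technical details of how the US carried out the attack. The report shows that in the cyberattack against Northwestern Polytechnical University, TAO used 41 types of cyber weapons, among which the sniffing and secret-stealing cyber weapon named "Suctionchar" (饮茶) was one of the "culprits" behind the theft of a large amount of sensitive data.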
 
According to China's National Computer Virus Emergency Response Center (CVERC), 41 types of cyber weapons were used by the NSA-affiliated Tailored Access Operations (TAO) Office in the recently exposed cyber attacks against China's Northwestern Polytechnical University.
 

Among them, the sniffing and stealing cyber weapon "Suctionchar" is one of the most direct culprits that led to the theft of a large amount of sensitive data, the CVERC said.

 

Image source: Beijing Qi An Pangu Lab official website
 
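The Global Times also reported that, according to a cybersecurity expert, TAO used "Suctionchar" as a sniffing and secret-stealing tool, implanted it on internal network servers of Northwestern Polytechnical University, and stole login passwords for remote management and remote file transfer services such as SSH. This gave it access to other servers on the intranet and enabled lateral movement within the intranet. It then delivered other sniffing and secret-stealing, persistent-control, and trace-concealing cyber weapons to other high-value servers, causing large-scale, sustained theft of sensitive data.
 
A cybersecurity expert from the lab told the Global Times on Tuesday that TAO used "Suctionchar" as a tool to detect secrets, implanted it into the internal network server of Northwestern Polytechnical University, and stole the login passwords of remote management and remote file transfer services, such as SSH, so as to gain access to servers on the intranet and to other high-value servers, resulting in the large-scale, persistent theft of sensitive data.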
 
Strong concealment and environmental adaptability
 
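Technical analysis and assessment show that "Suctionchar" can not only steal the account passwords of multiple remote management and remote file transfer services on the server where it resides, but is also highly stealthy and adaptable to its environment. The cybersecurity expert cited above said that once implanted on a target server or network device, "Suctionchar" disguises itself as a normal background service process and delivers malicious payloads in stages using a modular approach, which makes it highly stealthy and very difficult to discover.
 
"Suctionchar" can run covertly on a server, monitor in real time what users type into the operating system's console terminal programs, and intercept all kinds of usernames and passwords from that input, like a "peeping Tom" standing behind the user.
 
"Suctionchar" can not only steal accounts and passwords for remote transfer of files, but is also highly capable of concealment and of adapting to new environments. According to the anonymous expert, after being implanted into the target server and equipment, "Suctionchar" disguises itself as a normal background service process and delivers its malicious payload stage by stage, making it very difficult to find.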
 
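The cybersecurity expert explained: "Once these usernames and passwords are obtained by TAO, they can be used for the next stage of the attack, that is, using these usernames and passwords to access other servers and network devices, and then stealing files on the servers or delivering other cyber weapons."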
 
"Once these usernames and passwords are obtained by TAO, they can be used to carry out the next stage of the attack to help the office steal files on the servers or deliver other cyber weapons," the cybersecurity expert said.
 

Image source: Visual China

 
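"Seamless integration" with other cyber weapons
 
Technical analysis shows that "Suctionchar" can be effectively integrated and coordinated with other NSA cyber weapons, achieving "seamless integration". In TAO's cyberattack on Northwestern Polytechnical University, the "Suctionchar" sniffing and secret-stealing tool worked with other components of the Bvp47 Trojan to carry out a joint attack.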
 
Technical analysis shows that "Suctionchar" can effectively work with other cyber weapons deployed by the NSA, the CVERC cited experts on cybersecurity as saying.
 
In the TAO's cyber attacks against the Chinese university, "Suctionchar" was found to have worked together with other components of the Bvp47 Trojan program, a top-tier weapon of the hacking Equation Group of the NSA.

 

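In February this year, Beijing Qi An Pangu Lab published a report disclosing a technical analysis of "Operation Telescreen" (Bvp47), a top-tier weapon exclusive to "Equation", the hacking group affiliated with the US National Security Agency (NSA), which was used in the attack campaign that Qi An Pangu named "Operation Telescreen". The report shows that over more than ten years, "Operation Telescreen" has compromised 45 countries and regions worldwide.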

 
According to a separate report released by the Pangu Laboratory, the Bvp47 has been deployed to hit targets in 45 countries and regions around the world over a time span of more than 10 years.
 
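According to the report, the Bvp47 Trojan has extremely high technical complexity, architectural flexibility, and very strong resistance to analysis and forensics. It works with the "Suctionchar" component to spy on and control victim organizations' information networks and secretly steal important data. Within this, the "Suctionchar" sniffing Trojan lurks covertly in the victim organization's information systems and is specifically responsible for intercepting, recording, and sending back the "spoils": the accounts and passwords used by victims.
 
The report also notes that as the investigation deepened, the technical team found traces of "Suctionchar" attacks in the networks of institutions other than Northwestern Polytechnical University, and that TAO has very likely used "Suctionchar" to launch large-scale cyberattack activity against China.
 

According to the source, Chinese experts also found traces of "Suctionchar" attacks in the networks of other institutions, which shows that the weapon is likely to have been used by TAO to launch a large-scale cyberattack on China.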

 

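Compiled from: Xinhua News Agency, Global Times (Chinese edition), Global Times, Ministry of Foreign Affairs website, CCTV News, Beijing Qi An Pangu Lab official website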



 





 