Beijing rebukes U.S. over alleged cyberattack on Chinese university

China denounced the U.S. Embassy in Beijing following a joint report from two of the country’s most prominent cyber authorities accusing the National Security Agency of stealing “sensitive information” from Chinese institutions.

In a statement published Sunday, Yang Tao, the director-general of American affairs at China's Ministry of Foreign Affairs, said: "The actions of the U.S. side have seriously violated the technical secrets of relevant Chinese institutions and seriously endangered the security of China's critical infrastructure, institutions and personal information, and must be stopped immediately."

His complaint follows a report from China’s National Computer Virus Emergency Response Center (CVERC) — alongside the company 360 — which claimed the U.S. accessed the networks of Northwestern Polytechnical University, "a Chinese military university that is heavily involved in military research," according to the U.S. Department of Justice

The move is China’s latest diplomatic response to long-running criticisms from the U.S. and allies about Beijing’s alleged aggressive cyber espionage activity. 

Yang “lodged solemn representations” with the U.S. Embassy in Beijing, which is the MFA’s shorthand for expressing diplomatic discontent. It is a regular MFA activity and has not historically been a precursor to sanctions or any similar interruption to diplomatic relations. The U.S. State Department did not immediately respond to a request for comment.

The research from CVERC and 360, China’s main cyber incident response center and its largest antivirus company respectively, makes extensive reference to malware which had previously been publicly linked to the NSA, most notably through the Shadow Brokers leaks in 2016.

It also names and profiles Rob Joyce, currently the director of cybersecurity at the NSA, and claims to identify front companies and a fictional identity which it said was used to register domain names and SSL certificates as part of the operation.

Researchers, including Juan Andres Guerrero-Saade at Sentinel One Labs, have been critical of the technical sophistication of the CVERC/360 analysis. “Perhaps to them [CVERC] this is equivalent to an IntrusionTruth report (far from it),” he wrote, referring to a group that has publicly linked individuals to Chinese state-sponsored campaigns..

A British diplomatic source, speaking on the condition of anonymity to discuss Foreign Office business, described China’s public attribution and complaint to The Record as similar to those which the MFA has been advancing privately at diplomatic summits, particularly in response to Western criticisms about its espionage campaigns.

These campaigns have allegedly involved stealing intellectual property from organizations which the West does not regard as legitimate national security targets, but are instead being hacked because they offer China commercial advantages.

China was roundly criticized by dozens of Western states in July 2021 for failing to adhere to international cyber norms regarding the Microsoft Exchange attacks of that year, which exposed hundreds of thousands of companies around the world to attacks from cybercriminals.

The country’s diplomatic response to that criticism was vituperative. A day after the attribution and criticism — including detailed indictments unsealed by the U.S. Department of Justice — Zhao Lijian, one of the MFA’s most outspoken spokespeople, accused the U.S. of being “the world’s largest source of cyber attacks” alongside a litany of misdeeds.

Explaining the MFA’s diplomatic overtures — much of which is aimed towards so-called middle-ground states navigating relationships with both the West and East — its coordinator for cyber affairs, Wang Lei, complained: “In recent years, the U.S. has been insistently seeking after cyber military presence around China's neighboring countries in the name of ‘cybersecurity cooperation’.

“China’s position on this issue is very clear. We believe that what the U.S. has been doing poses severe damage to China’s security interests,” he added.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Alexander Martin

Alexander Martin

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.