Free, Unbiased, and Open threat intelligence

NSA Cyberattack on China's National Time Service Center

Threat Profile

Description

The US National Security Agency (NSA) conducted a sophisticated multi-stage cyberattack campaign against China's National Time Service Center from March 2022 to June 2024. The attack began by exploiting vulnerabilities in foreign-brand mobile phones to steal credentials, followed by the deployment of advanced custom malware frameworks to establish persistent access and conduct espionage on critical timing infrastructure systems.

MITRE ATT&CK Techniques

T1566 - Phishing
T1078 - Valid Accounts
T1105 - Ingress Tool Transfer
T1027 - Obfuscated Files or Information
T1055 - Process Injection
T1574.001 - DLL Side-Loading
T1112 - Modify Registry
T1562.001 - Disable or Modify Tools
T1041 - Exfiltration Over C2 Channel
T1071 - Application Layer Protocol
T1573 - Encrypted Channel
T1090 - Proxy
T1083 - File and Directory Discovery
T1082 - System Information Discovery
T1057 - Process Discovery
T1018 - Remote System Discovery
T1021.001 - Remote Desktop Protocol
T1070 - Indicator Removal
T1543.003 - Windows Service
T1059.003 - Windows Command Shell

Metadata

Published

7 months ago
