MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems

MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems

Oct 20, 2025Ravie LakshmananCyber Espionage / National Security

China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a “premeditated” cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a “hacker empire” and the “greatest source of chaos in cyberspace.”

The Ministry of State Security (MSS), in a WeChat post, said it uncovered “irrefutable evidence” of the agency’s involvement in the intrusion that dated back to March 25, 2022. The attack was ultimately foiled, it added.

Established in 1966 under the jurisdiction of the Chinese Academy of Sciences (CAS), NTSC is responsible for generating, maintaining, and transmitting the national standard of time (Beijing Time).

“Any cyberattack damaging these facilities would jeopardize the secure and stable operation of ‘Beijing Time,’ triggering severe consequences such as network communication failures, financial system disruptions, power supply interruptions, transportation paralysis, and space launch failures,” the MSS said.

DFIR Retainer Services

“This operation thwarted U.S. attempts to steal secrets and conduct sabotage through cyberattacks, fully safeguarding the security of ‘Beijing Time.'”

According to details shared in the WeChat post, the NSA is said to have exploited security flaws in an unnamed foreign brand’s SMS service to stealthily compromise mobile devices belonging to several staff members at NTSC, resulting in the theft of sensitive data. It did not disclose the nature of the vulnerabilities used to conduct the attack.

On April 18 the following year, the MSS claimed that the agency repeatedly used stolen login credentials to break into the computers at the center to probe its infrastructure, followed by deploying a new “cyber warfare platform” between August 2023 and June 2024.

The platform activated what it described as 42 specialized tools to mount high-intensity attacks aimed at multiple internal network systems of NTSC. The attacks also involved attempts to conduct lateral movement to a high-precision ground-based timing system with the alleged goal of disrupting it.

The attacks, launched between late night and early morning Beijing time, involved the use of virtual private servers (VPSes) based in the U.S., Europe, and Asia to route malicious traffic and conceal its origins.

“They employed tactics such as forging digital certificates to bypass antivirus software and employed high-strength encryption algorithms to thoroughly erase attack traces, leaving no stone unturned in their efforts to carry out cyberattacks and infiltration activities,” the MSS said.

CIS Build Kits

The ministry said China’s national security agencies neutralized the attack and implemented additional security measures. It also accused the U.S. of launching persistent cyber attacks against China, Southeast Asia, Europe, and South America, adding that it leverages technological footholds in the Philippines, Japan, and China’s Taiwan Province to launch these activities and obscure its own involvement.

“Simultaneously, the U.S. has resorted to crying wolf, repeatedly hyping the ‘China cyber threat theory,’ coercing other countries to amplify so-called ‘Chinese hacking incidents,’ sanctioning Chinese enterprises, and prosecuting Chinese citizens – all in a futile attempt to confuse the public and distort the truth,” it alleged.



Source link

About Cybernoz

Security researcher and threat analyst with expertise in malware analysis and incident response.