China’s Ministry of State Security accused the National Security Agency of conducting a yearslong attack on China’s national timekeeping infrastructure to steal sensitive data and infiltrate the service for potential sabotage.
The NSA gained initial access to China’s National Time Service Center systems in April 2023 by using credentials lifted from employees’ mobile devices that were taken over via an exploited vulnerability a year prior, China’s MSS said Sunday in a translated statement on WeChat.
The alleged conflict between foreign intelligence services shows how China and the United States are locked in a fierce battle for any digital advantage or leverage point that benefits their national security and geopolitical interests.
“NSA does not confirm nor deny allegations in the media regarding its operations,” the NSA said in a statement via email. “Our core focus is countering foreign malign activities persistently targeting American interests, and we will continue to defend against adversaries wishing to threaten us.”
China’s MSS said it “obtained irrefutable evidence” of the attack, adding that it “shattered” the U.S. plot to steal secrets, infiltrate systems and commit sabotage by disrupting the attack chain and implementing additional security measures.
The NSA is accused of using 42 tools to conduct a “high-intensity cyberattack against multiple internal National Time Service Center network systems” from August 2023 to June 2024. China also accused the NSA of attempting to infiltrate the service’s ground-based timing system.
China’s intelligence and security agency did not say when it discovered the alleged attack nor when it removed the NSA from the timekeeping service’s systems. China’s embassy in Washington did not immediately respond to CyberScoop’s request for comment.
The NSA used virtual private networks to evade detection and forged digital certificates to bypass antivirus software, according to the MSS. National Time Service Center employees’ mobile phones were compromised in March 2022 when the NSA exploited a vulnerability in the text-messaging service of a non-China based mobile phone vendor, the MSS added.
China’s intelligence service said the National Time Service Center provides infrastructure for calculating international standard time, a critical service for communications, finance, power, transportation, defense and other sectors.
Cyberattacks against the Xi’an, China-based facilities could result in “incalculable damage and losses,” according to the MSS, including network communication failures, financial system disruptions, power outages and transportation interruptions.
The MSS accused the NSA of acting recklessly, undermining global cybersecurity with “relentless” continuous cyberattacks targeting China, Southeast Asia, Europe and South America.
“The U.S. has repeatedly hyped up the ‘China cyber threat’ theory, coercing other countries to hype up the so-called ‘Chinese hacker attacks,’ sanctioning Chinese companies and prosecuting Chinese citizens in an effort to confuse the public and distort the truth,” the MSS said in the statement on WeChat.
The agency added: “Ironclad facts have proven that the U.S. is the true ‘matrix’ and the greatest source of chaos in cyberspace.”
