The Office of Tailored Access Operation (TAO) of the U.S. National Security Agency (NSA) has launched massive cyber espionage activities on specific targets located in the "blind spots" of its surveillance systems, and implanted more than 50,000 spyware around the world, according to the latest findings of a Chinese investigation.
Victims are mainly concentrated in Asia, Eastern Europe, Africa, the Middle East and South America. The internal documents of the NSA showed that almost all major cities in China are within the scope of NSA's operations, a large number of entities and their network assets have been compromised, said the report.
It is the third report on Volt Typhoon released by China’s National Computer Virus Emergency Response Center and the National Engineering Laboratory for Computer Virus Prevention Technology. It further disclosed the cyber espionage operations targeting China, Germany and other countries, which were launched by the United States and other Five Eyes countries.
On May 24, 2023, the cybersecurity authorities from the Five Eyes countries, the U.S., the UK, Australia, Canada and New Zealand, issued a joint cybersecurity advisory, claiming that they had discovered cluster of activity of interest associated with a "China state-sponsored cyber actor", known as Volt Typhoon, and these activities "affected networks across U.S. critical infrastructure sectors".
On April 15 and July 8, the National Computer Virus Emergency Response Center, the National Engineering Laboratory for Computer Virus Prevention Technology, and 360 Digital Security Group jointly released two investigation reports disclosing the U.S. government's narrative regarding Volt Typhoon is purely a fabrication crafted by the United States.
The reports also expose how U.S. government agencies, in order to maintain control over the so-called "warrantless surveillance rights", conducted indiscriminate monitoring of global telecommunications and internet users. This is done to enable related interest groups to gain greater political and economic benefits by fabricating nonexistent Chinese cyberattack threats. The nature of the event resembles a "house of cards" conspiratorial swindling campaign scheme targeting the U.S. Congress and taxpayers.
"The United States has many different ways to control spyware. To put it simply, one is remote control. They have a device codenamed cottonmouth, which looks like a USB connector and can be disguised as an interface like a keyboard or mouse. They connect this device to a device in a physically isolated network, and then send the stolen data out in the form of signals, and could even achieve control over it," said Li Baisong, deputy director of the Technical Committee at Antiy Labs.
Experts say that the TAO also uses "supply chain" attacks against some high-value targets with a high level of defense capabilities. The approach involves intercepting the attack targets within the logistics chain with collaboration of large U.S. internet companies or equipment suppliers. It disassembles and implants backdoors to U.S. network devices purchased by the targets before repackaging and shipping them.
"It mainly targets those with strong defense capabilities that are difficult to attack, especially those with high confidentiality levels, including companies, individuals and groups. Because of high secretiveness, it can achieve long-term latent theft. Therefore, it causes very serious impacts, whether in terms of breach of confidentiality or security risks, because it may paralyze the internet," said Du Zhenhua, senior engineer at the National Computer Virus Emergency Response Center.
U.S. intelligence agencies have established a large-scale global internet surveillance network, providing a large amount of high-value intelligence to the U.S. government agencies, which offers the U.S. government great advantage in the diplomatic, military, economic, scientific and technological fields.
The U.S. government and its intelligence agencies could put anyone on the list of monitoring. The report also cites instances of the United States conducting surveillance on its allies such as France, Germany, and Japan.
To maintain such a huge surveillance program, the annual funding budget is quite huge, and with the explosive growth of internet data, the demand for funding is bound to rise. This is also one of the main reasons why the U.S. government conspired with its intelligence agencies to plan and promote the Volt Typhoon operation, said the report.
"The amount of newly increased data is staggering every year or even every day, so are the resources it consumes and money it requires. Therefore, the false narrative of Volta Typhoon is actually intended to deceive Congress into investing more money in these projects. This is one of its main purposes. At the same time, it must use the false narratives to maintain the right of warrantless surveillance under Section 702. Meanwhile, it can also serve the purpose of smearing and defaming China," said Du.
Section 702 is a key provision of the Foreign Intelligence Surveillance Act (FISA) Amendments Act of 2008 that permits the government to conduct targeted surveillance of foreign persons located outside the United States, with the compelled assistance of electronic communication service providers, to acquire foreign intelligence information.
Over the years, the U.S. government has kept politicizing the issue of cyberattack attribution in a way that serves its own self-interests, said the report. Some companies, such as Microsoft and CrowdStrike, which have been influenced by the desire to appeal to U.S. politicians, government agencies and intelligence agencies, as well as to enhance commercial interests, kept providing intelligence under the banner of "China's cyber threat".
In its last part, the report said cybersecurity requires extensive international collaboration and called on all cybersecurity firms and research institutes to keep focusing on the research of cybersecurity threat prevention technology and how to provide users with higher-quality products and services.
U.S. implants 50,000 spyware in specific global targets: report
