China's National Computer Virus Emergency Response Center has accused the U.S. National Security Agency's Tailored Access Operations of deploying 41 different cyber weapons in cyberattacks against the Northwestern Polytechnical University in the city of Xi'an, ZDNET reports.
In a new report, the CVERC claimed that TAO leveraged the "Suctionchar" program to facilitate account and credential theft from remote management and file transfer services.
"Suctionchar can run stealthily on target servers, monitor in real-time users' input on the terminal program of the operating system console, and intercept all kinds of user names and passwords," said the report, which was co-authored by Chinese cybersecurity provider Beijing Qi'an Pangu Laboratory Technology.
Other components of Bvp47, a Trojan program that Pangu Lab claims was developed by the Equation Group and that has already been leveraged in attacks aimed at 45 countries for more than 10 years, have also been used alongside Suctionchar.
New attacks with the updated SysUpdate toolkit have been deployed by Chinese advanced persistent threat operation Budworm, also known as APT27, Emissary Panda, Bronze Union, Lucky Mouse, Iron Tiger, and Red Phoenix, against an Asian government and a Middle East-based telecommunications provider, reports The Hacker News.
Forty-five malicious NPM and PyPI packages have been deployed by threat actors to facilitate extensive data theft operations as part of a campaign that commenced on Sept. 12, according to BleepingComputer.
A staffer working for Sen. Eric Schmitt, R-Mo., noted that Chinese threat actors exfiltrated 60,000 emails from U.S. State Department accounts during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.