Yuan Hong, Special correspondent for The Global Times: The National Computer Virus Emergency Response Center and 360 Corporation respectively released a special research report on The 28th. On the same day, they disclosed the acid-Fox vulnerability attack weapon platform (hereinafter referred to as "acid-Fox" platform), another cyber attack weapon subordinate to the NATIONAL Security Agency (NSA). Relevant experts to "global times" reporter, said the fox "acid" platform is the NSA subordinate computer network intrusion squad (CNE) battle gear, global coverage range, the key target point to China and Russia, the United States is not in doubt it is actively preparing to launch a larger cyberwarfare.
For China and Russia, "Sour Fox" platform set up a dedicated server
Recently, a number of Chinese research institutions have found traces of activity of the validator Trojan. "Validator" is a small, embedded Trojan that can be deployed remotely or manually on any Windows operating system, according to a report released by 360 on Tuesday. At the same time, it has 7× The 24-hour online capability allows N.S.A. systems operators and data thieves to upload and download files, run programs remotely, obtain system information, forge ids and, in certain circumstances, self-destruct in an emergency. The weapon allows the N.S.A. to gather information about a target's system's environment, while also allowing for the implantation of more sophisticated trojans.
The Trojan is believed to be the default version of the acid Fox platform. This suggests that the Chinese research institutes mentioned above were the victims of cyber attacks on the NSA's Acid-Fox platform.
According to the report, the "Acid Fox" platform is the NSA's office of Specific Intrusion Operations (TAO) to carry out cyber espionage operations against other countries, has become the main equipment of CNE. The weapon platform is mainly used to break through the host system located in the office Intranet of the victim, and implant various Trojan horses, backdoors and other programs to achieve persistent control. The Acid Fox platform is a distributed architecture consisting of multiple servers, classified by task type, including phishing, man-in-the-middle attacks, and post-penetration maintenance.
The CNE has one or more Sour Fox program instructors who can lead one or more Sour Fox operation teams consisting of several members who are responsible for directly supporting specific network intrusion operations and maintaining sour Fox servers. TAO deploys "Acid Fox" platform servers all over the world. Servers are distributed according to the target regions, including the Middle East, Asia and Europe, etc. The server with prefix XS is the master server for coordinating multiple tasks. Notably, the server numbered XS11 was explicitly assigned to GCHQ, the British intelligence agency, to conduct man-in-the-middle cyber attacks. In addition, TAO has dedicated "Acid Fox" platform servers for Both Chinese and Russian targets -- a series of servers numbered FOX00-64 are used to support CNE vulnerability attacks, with fox00-6401 dedicated to Chinese targets and FOX00-6402 dedicated to Russian targets.
Experts from the National Computer Virus Emergency Response Center told the Global Times that acid Fox will detect the software and hardware environments of target hosts before exploiting the vulnerability. A profile of the acid-fox platform's rules disclosed in the report shows that the platform explicitly targets computer anti-virus software in China and Russia for "technical confrontation." In addition, the U.S. has deployed cyber espionage servers targeting China and Russia on the Internet to implant malicious programs and steal intelligence.
Traces of "validator" Trojan horses have been found in hundreds of important Chinese information systems
Based on the successful extraction of the "validator" Trojan horse program samples from the important information system of a domestic scientific research institution, 360 company carried out scanning and detection in China for the first time. It was found that different versions of the Trojan had been running in hundreds of important information systems in China, and the implantation time was much earlier than the exposure of acid Fox platform and its components, indicating that NSA carried out network attacks on at least hundreds of important information systems in China.
To this day, multiple validator trojans are still running in some information systems, relaying information to N.S.A. headquarters. According to 360, "The discovery of 'validator' samples in local network servers or Internet access terminals indicates that these devices have been attacked by NSA, important information in the system has been stolen by NSA, and other nodes in the target system Intranet may be infiltrated and remotely controlled by NSA."
In addition, according to the "acid fox platform on the server filter rules, to judge the server hosting the target to attack, mainly aimed at China filter kaspersky anti-virus software in a key target in the environment, rising antivirus, jiangmin antivirus software in China, such as the popular antivirus software process matching and judgment can be implanted conditions. Qihoo 360 believes there are far more "validator" trojans running in critical information infrastructure in other countries than In China.
According to the report released by the National Computer Virus Emergency Response Center on The 28th, what is more frightening is that the NSA uses these weapon platforms in cooperation with other "Five Eyes alliance" national intelligence agencies to establish a network intelligence collection system covering the world, and sets up a large number of covert intelligence collection servers and cover platform servers around the world. A whole set of intelligence work mechanism has been established around this information collection system, which has maintained the largest scale of spy network in human history, and is still expanding, becoming a common threat to all mankind.
The experts said the United States will continue to conduct cyber espionage and cyber warfare in the future, despite the overwhelming evidence. On June 22, the US House Appropriations Committee passed a $761.6 billion defense spending bill for fiscal year 2023, which includes an $11.2 billion budget for the US Department of Defense's cyber activities, an 8% increase over the previous fiscal year, and increases the number of its cyber warfare forces from 137 to 142. The U.S. military is also advancing the JADC2 "Land, Sea, Air, Air and Cyber" command capability enhancement program to achieve overwhelming military superiority in all areas of space. The United States has also recently introduced a series of bills to increase the budget size of cyber security. America's approach cannot help raising the suspicion that it is actively preparing for a larger cyberwar.