China on Sunday accused the US National Security Agency (NSA) of carrying out a “pre-planned” cyber attack targeting the National Time Service Center (NTSC), as it described the US as a “hacker empire” and the “biggest source of chaos in cyberspace”.
The Ministry of State Security (MSS) said in a WeChat post that it has uncovered “irrefutable evidence” of the agency’s involvement in the March 25, 2022 intrusion. The attack was ultimately foiled.
Established in 1966 under the jurisdiction of the Chinese Academy of Sciences (CAS), the NTSC is responsible for generating, maintaining and disseminating the national standard of time (Beijing Time).
“Any cyberattack that damages these facilities will jeopardize the secure and stable operation of ‘Beijing Time’, leading to serious consequences such as network communication failure, financial system disruption, power supply interruption, transportation paralysis, and space launch failure,” MSS said.
“This operation thwarted US attempts to steal secrets and sabotage through cyber attacks, fully protecting the security of ‘Beijing Time’.”
According to details shared in the WeChat post, the NSA exploited a security flaw in an SMS service of an unnamed foreign brand to surreptitiously compromise the mobile devices of several NTSC staff members, resulting in the theft of sensitive data. It did not disclose the nature of the vulnerabilities used to carry out the attack.
On April 18 the following year, the MSS claimed that the agency repeatedly used stolen login credentials to break into computers at the center to probe its infrastructure, followed by a new “cyber warfare platform” deployed between August 2023 and June 2024.
The platform activated 42 specialized tools to mount targeted high-intensity attacks on NTSC’s multiple internal network systems. The attacks also included attempts to conduct lateral movement in high-precision ground-based timing systems with the alleged goal of disrupting it.
The attacks, launched between late night and early morning Beijing time, involved the use of virtual private servers (VPS) located in the US, Europe and Asia to route malicious traffic and hide its origin.
“They adopted tactics such as forging digital certificates to bypass antivirus software and used high-strength encryption algorithms to completely erase attack traces, leaving no stone unturned in their efforts to carry out cyber attacks and intrusion activities,” MSS said.
The ministry said China’s national security agencies neutralized the attack and implemented additional security measures. It also accused the US of launching persistent cyber attacks against China, Southeast Asia, Europe and South America, adding that it leverages technological bases in the Philippines, Japan and China’s Taiwan province to launch these activities and obscure its involvement.
“At the same time, the US has repeatedly propagated the ‘China cyber threat theory’, forced other countries to escalate so-called ‘Chinese hacking incidents’, sanctioned Chinese enterprises, and prosecuted Chinese citizens – all in a futile effort to mislead the public and distort the truth,” it alleged.
