Beware of "Tea Drinking"! Another important detail of the American network attack on Northwestern Polytechnical University is exposed

Author: First Financial  Time: 2022.09.13


Guide: The main function of "Tea Drinking" is to steal remote access passwords on the target host. In theory, "Tea Drinking" can also extract any other information the attackers want. It is a powerful network weapon with advanced functions and strong concealment.

Author | First Financial Money Children's Heart

On September 13, the National Computer Virus Emergency Treatment Center released an analysis report on the American NSA network weapon "Tea Drinking", which attracted attention. In this regard, Mao Ning, a spokesperson for the Ministry of Foreign Affairs, responded at a routine press conference: "The relevant Chinese agencies released the technical analysis report of the network weapon used by the National Security Agency to attack Northwestern Polytechnical University. The report disclosed more details and evidence. China has requested the United States through multiple channels to explain the malicious network attack and to stop the illegal behavior immediately, but so far we have not received a substantial response from the United States."

According to the latest analysis report, the NSA-dedicated network weapon "SuctionChar" mainly targets the Unix/Linux platform. Its main function is to steal remote access passwords on the target host. In theory, "Tea Drinking" can also extract any other information the attackers want. It is a powerful network weapon with advanced functions and strong concealment.

On June 22, a public statement issued by Northwestern Polytechnical University said that the school had suffered a network attack from overseas. According to the relevant "Police Report", it was confirmed that a number of samples originating from overseas were found in the information network of Northwestern Polytechnical University. The Xi'an police have officially filed a case for investigation.

The National Computer Virus Emergency Treatment Center and other organizations subsequently formed a joint technical team, which preliminarily judged that the related attack activities originated from the NSA's Office of Tailored Access Operations (TAO). The investigation found that TAO used more than 40 different NSA-exclusive network attack weapons, such as "Tea Drinking", and flexibly configured the same network weapon according to the target environment. , Core technical data such as network management data, operation and maintenance data.

The latest report also shows that during the network attack operation, "Tea Drinking" was implanted as a sniffing tool into an internal network server of Northwestern Polytechnical University. This network weapon targets the Unix/Linux platform and works together with other network weapons. The attacker can control the malware to perform specific secret-stealing tasks by pushing a configuration file. Depending on the configuration, it can also steal user name and password information stored in other locations.

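In this regard, a network security expert explained to a First Financial reporter: "Sniffing to steal secrets means capturing the communications between other hosts on the same network, for example to obtain passwords. Judging from the scenario of this theft, it is aimed not at individuals but at network maintenance personnel. It is lateral movement after a certain level of access has been obtained."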

The expert also said that "Tea Drinking" is highly open and can be effectively integrated and linked with other network weapons, for example combined with remote control and encrypted communication, to achieve a "modular" effect.

He also noted that the stealing tool uses encryption and verification to strengthen its own security and concealment, which makes it a powerful network weapon with advanced functions and strong concealment. "Strong concealment means that the attacker cannot distinguish the tool's calls during the attack, so that it is impossible to analyze what the purpose of the network attack program is," the expert said.

In response, some experts said that in the process of informatization construction, it is recommended to select domestic products and "zero trust" security solutions. However, other experts told the First Financial reporter: "Cyber security is a systematic project, and attacks cannot be resisted by relying on one or two solutions."

"The competition for control of network space is becoming increasingly fierce. Most people lack in-depth awareness of this new space. The methods and results of their attacks are often unknown, and the harm may be greater. The state, enterprises, and individuals attach great importance to it," the person in charge of a network security company told the First Financial reporter.

- END -
