China reveals details of U.S. cyberattack on major encryption provider

(ECNS) -- U.S. intelligence agencies launched cyberattacks against a major Chinese commercial cryptography provider in 2024, stealing sensitive data, according to a report from China's National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT).

The report states that attackers exploited an undisclosed vulnerability in the company's customer relationship management system to gain access, implanting a specialized Trojan for control and data theft. Through lateral movement, they later infiltrated the company's product and project code management systems.

The stolen data reportedly includes approximately 950MB of information, covering details of more than 600 users, over 8,000 customer profiles, and more than 10,000 contract orders — some involving key government departments. Additionally, about 6.2GB of critical project data, including cryptography research and development codes, was taken from the code management system.

CNCERT's analysis revealed the tools of attack were technically linked to those previously used by U.S. intelligence agencies. Besides, the attacks mainly occurred during U.S. working hours and demonstrated sophisticated methods to evade tracing, including frequent IP switching and deletion of logs.

Detailed information about the cyberattack has been disclosed to assist relevant countries and organizations worldwide in effectively identifying and preventing similar U.S. cybercrime, the CNCERT said.

（By Zhao Li）