[Wen/Observer Network columnist Shen Yi]

Recently, China's national security organs successfully cracked a national cyber attack case in the United States, obtained ironclad evidence that the National Security Agency (NSA) invaded China's national time service center, and smashed the US plot to infiltrate and undermine the security of "Beijing Time". This attack has typical advanced persistent threat (APT) characteristics, and its target is directly at the key information infrastructure related to the lifeline of the country-the National Timing Service Center, which is responsible for the generation and broadcast of "Beijing Time".

APT locks key infrastructure at national level: ¡°Beijing time¡± under three phases of cyberattack

The state timing center located in Shaanxi, Xi'an, is responsible for providing high-precision standard time for communications, finance, electricity, transportation, national defense and other fields, once its network is paralyzed, it will cause communication failure, financial system disruption, power disruption, traffic transport paralysis, space launch failure and other serious consequences, and it is difficult to estimate the dangers to China's national security and development.

According to the materials published by relevant departments, the U.S. launch of cyber attacks on such critical targets is clearly prepared and plotted for a long time, and the attack process is divided into the following three stages:

The first stage is remote control and the back door is implanted. The attacker took advantage of a vulnerability in a smartphone short message service of a foreign brand to carry out targeted attacks on multiple staff members of the National Time Service Center and secretly controlled their mobile terminals, thereby implanting backdoor programs and stealing sensitive data stored in the mobile phone. This "harpoon" cyber espionage activity began on March 25, 2022 and is extremely secretive and shows a highly professional technical level.

The second phase involves intrusion and theft of credentials. Attackers use the log-in credentials obtained in the first phase to remotely infiltrate the internal computer systems of the National Timecenter on several occasions from April 18, 2023, spotting the network architecture and system construction of the center. Through the backdoors that have been implanted, the attackers gradually expand their presence within the target network to prepare for a deeper level of infiltration.

Stage 3, latent implantation, pre-positioned weapon. From August 2023 to June 2024, the attackers launched a new network combat platform, used as many as 42 customized special network attack weapons, launched high-intensity attacks on multiple internal network systems in the timing center, and tried to pass through the intranet. Move into the core part, the high-precision ground-based timing system, and preset paralysis and destruction capabilities in key control systems. This series of actions is intended to lay a "cyber bomb" that can be detonated remotely for potential future conflicts.

It can be imagined that its ultimate goal is to disrupt the synchronous operation of China's financial, transportation, military and other critical systems when China faces a major security crisis, causing a chaos in the overall synergy system, which is one of the core features of national-level cyber attacks.

It is worth noting that in order to avoid tracking and extend the incubation time, the U.S. side has carefully adopted the multiple concealment methods used by APT: for example, cyber attacks are launched late at night and early in the morning in Beijing, and use the numerous virtual dedicated servers distributed in the United States, Europe, Asia and other places as a "hopboard" to hide the true source; by fake digital certificates bypass security monitoring, use high-strength encryption algorithms to repeatedly erase the trace of the attack, attempting to do "incubation and unconscious".

The "nested encryption" mode used by cyber attacksTechnical Analysis Report on National Timing Center Suffered by NSA Cyber Attacks

It can be said that the attackers did their utmost to hide their own trajectory. However, the Chinese security department met the tricks, successfully captured and fixed the chain of evidence of U.S. cyberattack behavior, timely directed the timecenter to comprehensively clear the handling, cut off the attack link, upgraded the defense measures, thus eliminating potential major hidden hazards. This series of rapid counter-action actions fully reflects China's perception, traceability and blocking capabilities of APT advanced threats have reached new heights.

U.S. cyber hegemony cries to stop thieves, violating international consensus and norms

The cyber attack on China's critical infrastructure by the U.S. intelligence and network departments violated the important consensus reached by the two heads of state in 2015 on "no cyber attacks against each other's critical infrastructure" and the national cyber spatial conduct norms advocated by the United Nations.

During the 2015 meeting between the heads of state of China and the United States, the two countries agreed to jointly promote the formulation of a code of conduct for cyberspace, and clearly supported the normative consensus put forward in the report of the United Nations Group of Governmental Experts that year, including that countries should not deliberately destroy other countries 'critical infrastructure. However, the United States has now blatantly reneged on its promise and listed other countries 'critical information infrastructure as a legitimate target of cyber attacks. Its behavior has caused serious damage to the international cybersecurity consensus. It was the Democratic President of the United States who reached the agreement at the beginning. The attack occurred not only at the same time, but also the Vice President in 2015. In this context, the US attack not only constitutes an objective threat to China, but also poses a serious impact and challenge to the strategic mutual trust between China and the United States at the conceptual level.

Even more alarming, the United States has consistently been keen to implement cyber penetration and deployment of cyber weapons on a global scale, becoming the largest source of threats and troubles in cyberspace, not only threatening China, but also affecting the world, in particular, this impact is expressed in the following two aspects:

On the one hand, U.S. intelligence agencies and military cyber forces unscrupulously launch cyber attacks on countries around the world, including China. They not only invade and control other countries 'critical infrastructure, steal sensitive intelligence, and monitor the privacy of political figures, but also often use the technology bases stationed in third countries (such as the Philippines, Japan, and China Taiwan) to launch cyber attacks to frame others and evade their own responsibilities.

As early as 2017, the United States upgraded its Cyber Command to the 10th Joint Operations Command alongside the land, sea, air and space, and publicly included critical infrastructure of other countries in its cyber strike scope; In 2018, the cyber strategy of the U.S. Department of Defense emphasized the need to take a "preemptive strike" offensive in cyberspace. It can be said that the United States continues to promote the expansion of its cyber hegemony. Strategically, it is not only not bound by the 2015 consensus, but instead regards attacking other countries' infrastructure as a means to safeguard its own interests.

On the other hand, while playing the role of the Matrix, the United States also habitually uses the double standards of "thieves crying to stop thieves" to slander other countries: on the one hand, it carries out global network surveillance and attacks, on the other hand, it continues to exaggerate the so-called "China cyber threat," coerces other countries to hype up the "China hacker" incident, and even uses this to sanction China companies and prosecute China citizens.

This practice of provoking trouble, turning black and white upside down, and beating a rake is intended to confuse the audience and divert attention, but the iron facts show the world that the United States is the real "Matrix Empire", the biggest "surveillance empire", and the biggest source of chaos and threat to the security, stability and prosperity of cyberspace today. It is obvious to all to the international community that the potential security risks caused by the abuse of its cyber power by the United States have become the biggest challenge to the stability of global cyberspace.

Defeated network attacks highlight network power strategy, China shows defense strength and responsibility

In February 2014, General Secretary Xi Jinping at the first meeting of the Central Cybersecurity and Information Technology Leadership Group, clearly pointed out that "Cybersecurity is a matter of national security, without cybersecurity there is no national security", "Cybersecurity and informationization is a matter of national security and national development major strategic issue", and demanded efforts to build China into a network power.

Since then, at the April 2016 Cybersecurity and Informationization Work Symposium, General Secretary Xi Jinping further emphasized the need to "perceive the situation of cybersecurity at all times", improve the protection system of critical information infrastructure, because "cross-country critical infrastructure faces greater hidden risks, traditional prevention and control capabilities are difficult to effectively respond to national and organized high-intensity cyber attacks".In April 2018, the National Cybersecurity and Informationization Work Conference, General Secretary Xi Jinping once again stressed that "without cybersecurity there is no national security", demands comprehensive development and security, and moves forward to building an active defense system, "with security and development, to promote security, and strive to build the trend of long-term security, growth and

Under the guidance of the Party Central Committee's series of strategies, China continues to improve its network security system and continuously improves its actual combat defense capabilities. This time, the national security agencies were able to promptly perceive, effectively counter, and successfully intercept the top cyber attack operations in the United States. It is precisely due to multi-department coordinated operations and the leap in technical strength. National security agencies, network information management agencies, technical units and key enterprises work closely together to form a complete closed loop from advanced threat awareness early warning, attack link traceability and evidence collection to timely blocking and clearing.

Facts have proved that in the face of high-intensity attacks with the background of "the world's strongest cyber offensive power" such as NSA, China has the ability to effectively detect and defeat them. This not only maintains the security of "Beijing Time", the country's lifeblood facility, but also marks a milestone progress in my country's cyberspace defense field.

Through this successful counteraction, China has shown the world its firm will and ability to safeguard cyberspace security. China is determined and capable of safeguarding its key information infrastructure security and ensuring the stable operation of the national economy and society. At the same time, China has always advocated the peaceful use of cyberspace and opposed all forms of cyberattack and destruction activities. As a responsible network power, China will continue to adhere to the concept of win-win cooperation and promote the establishment of a fair and reasonable international cyberspace governance order. Strengthen dialogue and cooperation within the framework of international rules, jointly prevent network threats, and China is confident that together with all countries will cut off all key infrastructure and make new contributions to building a human cyberspace destiny community.

This article is the exclusive manuscript of Observer.com. The content of the article is purely the author's personal opinion and does not represent the views of the platform. It may not be reproduced without authorization, otherwise it will be investigated for legal responsibility. Pay attention to observer network WeChat guanchacn and read interesting articles every day.