The Wuhan Earthquake Monitoring Center has recently suffered a cyberattack launched by an overseas organization, the city’s emergency management bureau which the center is affiliated to said in a statement on Wednesday. This is another case of its kind following the June 2022 cyberattack from overseas against a Chinese university.

The expert panel on the case found that the cyberattack was initiated by hacker groups and lawbreakers with governmental backgrounds from outside the country. Preliminary evidence suggests that the government-backed cyberattack on the center came from the US, the Global Times has learned.

The Wuhan Municipal Emergency Management Bureau said in a statement on Wednesday that some of the network equipment of the front-end station collection points of the Wuhan Earthquake Monitoring Center, were subjected to a cyberattack by an overseas organization, as monitored by the National Computer Virus Emergency Response Center (CVERC) and Chinese internet security company 360.

The center has immediately sealed off the equipment that was affected and reported the attack to the public security authorities, in order to investigate the case and handle the hacker organization and criminals according to law, said the statement. 

The Wuhan public security bureau Jianghan sub-bureau confirmed the discovery of a Trojan horse program originating from abroad at the Wuhan Earthquake Monitoring Center. According to the public security bureau, this Trojan horse program can illegally control and steal seismic intensity data collected by the front-end stations. This act poses a serious threat to national security.

The public security authorities have opened a case for investigation into this matter and further conducted technical analysis on the extracted Trojan samples. It has been preliminarily determined that the incident was a cyberattack initiated by foreign hacker organizations and outlaws.

Professionals told the Global Times that seismic intensity data refers to the intensity and magnitude of an earthquake, which are two important indicators of its destructive power. 

The data is closely related to national security, experts told the Global Times. For example, these factors need to be taken into account when constructing certain military defense facilities.

The Wuhan Earthquake Monitoring Center is another national unit that has been subjected to cyberattack from outside the country following the attack on Northwestern Polytechnical University (NWPU) in Xi’an, Northwest China’s Shaanxi Province, by an overseas hacker group in June 2022. 

After the attack on NWPU, the CVERC and the company 360 jointly formed a technical team to conduct a comprehensive technical analysis of the case. They concluded that the cyberattack was conducted by the Tailored Access Operations (TAO) of the US’ National Security Agency (NSA).

Expert technical team composed by the CVERC and the internet security company 360 has arrived in Wuhan to carry out evidence-collection work of the latest case, the Global Times has learned. Preliminary evidence indicates that the cyberattack on the Wuhan Earthquake Monitoring Center had come from the US.

According to company 360’s monitoring results, the NSA has carried out cyberattacks on at least hundreds of important domestic information systems in China, and a Trojan horse program called “validator” was found to be running in the information systems of a number of departments, transmitting information to the NSA headquarters.

Moreover, the findings show that a large number of “validator” Trojan horses are running in critical information infrastructure not only in China, but also in other countries, and the number of such programs planted in these countries’ systems far exceeds that of China.

The CIA is another notorious US cyber-attacking and stealing organization, in addition to the NSA. According to the research of the CVERC, the CIA’s cyberattacks have been characterized by automation, systematization and intelligence.

The CIA’s latest cyber weapons use extremely strict espionage specifications with various attack techniques interlocked. It now covers almost all internet and Internet of Things assets around the world, and can control other countries’ networks and steal their important and sensitive data anytime, anywhere.

Observers pointed out that the US, while intensifying attacks on global targets and stealing secrets, has spared no effort accusing other countries. 

It has gathered its so-called allies, trumpeting theory of “China’s cyber-threat” and denigrating and slandering China’s cyber-security policy, which has been repeatedly refuted by Chinese Foreign Ministry.

During a regular press conference on July 19, Chinese Foreign Ministry spokesperson Mao Ning said China is a victim of cyberattacks and is strongly opposed to such undertakings.

“The US has carried out indiscriminate, large-scale cyberattacks against other countries over the years,” she said. “The US Cyber Force Command blatantly declared last year that the critical infrastructure of other countries is a legitimate target for US cyberattacks. Such moves have raised concern.”