The NSA was caught in a covert operation that left Americans wide-eyed

The three-letter agencies of the federal government hold a lot of power. Maybe too much.

Now the NSA was caught in a covert operation that left Americans wide-eyed.

Shocking Report Exposes Alleged NSA Hack on Chinese University, U.S. Offers No Denial

A bombshell analysis detailing the National Security Agency’s (NSA) alleged cyberattack on a Chinese university has sent shockwaves through the cybersecurity world, revealing Beijing’s intricate efforts to trace the suspected American hackers.

The explosive report, published by Australian cybersecurity researcher Lina Lau — known online as @inversecos — unpacks China’s investigation into an NSA breach of Northwestern Polytechnical University, a defense-linked institution in Xi’an.

When pressed on the findings, an NSA senior official responded with a statement that condemned China’s cyber operations — but notably failed to deny the accusations against the U.S. agency.

“NSA is unwavering in its commitment to equipping network defenders with timely, actionable guidance to safeguard critical infrastructure against the growing and evolving landscape of cyber threats,” the official stated, skirting the core allegation.

“We recognize the importance of maintaining a strong defense posture, and we remain dedicated to strengthening the security of our digital networks and those of America’s defense industrial base.”

Shifting attention away from the report’s claims, the NSA official highlighted China’s aggressive cyber tactics, asserting that Beijing’s goal is to infiltrate critical networks to create disruption and instability.

“The intelligence we gather remains essential for understanding adversarial tactics, assessing vulnerabilities and providing the critical insights necessary to protect our networks from malicious actors,” the official said.

How China Traced the Alleged NSA Hackers

Lau’s meticulous analysis, published Tuesday, sheds new light on how China’s cyber specialists tracked the suspected American operatives in 2022. Using intelligence from China’s Qihoo 360, Pangu Lab, and the National Computer Virus Emergency Response Center, investigators scrutinized attack timing, keyboard inputs, and even human errors made by the hackers.

According to Lau, the Chinese identified an NSA operative working under the alias “Amanda Ramirez” as part of the agency’s Tailored Access Operations (TAO). The pattern of cyber intrusions strongly suggested an American work schedule: attacks occurred almost exclusively between 9 a.m. and 4 p.m. Eastern time, Monday through Friday — with no activity on Christmas, Memorial Day, or Independence Day.

China’s investigators also uncovered telltale signs pointing to American operatives, including the use of American English and U.S. keyboards.

“Due to the length and scale of the incident, when one of the alleged NSA ‘attackers’ tried to upload and run a Pyscript tool, they forgot to modify the parameters,” Lau explained in her blog. “This returned an error—the error message exposed the working directory and file name of the attacker’s internet terminal.”

That crucial slip-up allegedly revealed that the hackers were operating within a classified NSA cyber warfare directory.

The NSA’s Playbook: Tactics and Targets

In her breakdown of NSA hacking methods, Lau noted that the initial breach was launched through an attack platform first exposed by Edward Snowden — the former NSA contractor who blew the lid off U.S. surveillance programs in 2013 before seeking refuge in Russia.

The reason for targeting Northwestern Polytechnical University? Its cutting-edge research in aerospace and defense, making it a prime target for intelligence gathering.

“Once inside, NSA operatives allegedly systematically stole classified research data, network infrastructure details, and sensitive operational documents,” Lau stated.

Although her analysis focused on cyberattacks beginning in 2022, she suggested that U.S. hacking operations against the university had likely been ongoing for much longer.

Despite years of Chinese accusations, the NSA has continued to dodge direct questions on the matter, offering no acknowledgment or denial. Meanwhile, American cyber agencies and tech firms frequently release detailed reports exposing China’s own cyber intrusions — such as the Typhoon hacking groups accused of infiltrating U.S. infrastructure and telecommunications systems for espionage and sabotage.

While the U.S. and China trade cyber accusations, one thing is clear: the world of digital espionage is as active — and dangerous — as ever.
