Overview
- China’s Ministry of State Security alleged the NSA began by exploiting a 2022 messaging flaw on foreign-brand phones used by National Time Service Center staff.
- Investigators said stolen credentials were used from April 2023 to access computers, followed by a 2023–2024 push using a new platform with 42 specialized cyber tools.
- The ministry accused the attackers of attempting to reach a high-precision ground timing system and warned that disruption could affect communications, finance, power grids and international timekeeping.
- Officials said attack chains were severed and defenses upgraded at the Xi’an-based center, which maintains China’s standard time for critical sectors.
- The NSA issued a standard statement declining to confirm or deny operations, and no independent verification has been made public, with reports noting tactics such as VPS routing, forged certificates and encrypted data wiping.