On October 20, 2025, China’s Ministry of State Security (MSS) publicly accused the United States National Security Agency (NSA) of orchestrating a deliberate cyber attack against the National Time Service Center (NTSC). The MSS labeled the U.S. as a hacker empire and the greatest source of chaos in cyberspace, asserting that the NSA’s actions posed significant threats to China’s critical infrastructure.
Background on NTSC
Established in 1966 under the Chinese Academy of Sciences, the NTSC is responsible for generating, maintaining, and transmitting Beijing Time, the national standard. This service is crucial for the synchronization of various sectors, including telecommunications, finance, power grids, transportation, and space exploration. Any disruption to NTSC’s operations could lead to severe consequences such as communication failures, financial system disruptions, power outages, transportation paralysis, and compromised space missions.
Details of the Alleged Cyber Attack
According to the MSS, the NSA’s cyber intrusion began on March 25, 2022. The attack was multifaceted and unfolded in several stages:
1. Initial Compromise: The NSA allegedly exploited vulnerabilities in an unnamed foreign brand’s SMS service to infiltrate mobile devices of NTSC staff. This breach resulted in the unauthorized extraction of sensitive data. The specific vulnerabilities exploited were not disclosed by the MSS.
2. Credential Theft and System Access: On April 18, 2023, the NSA purportedly used stolen login credentials to gain unauthorized access to NTSC’s computer systems. This access allowed the NSA to conduct reconnaissance and map out the center’s network infrastructure.
3. Deployment of Cyber Warfare Platform: Between August 2023 and June 2024, the NSA is said to have deployed a sophisticated cyber warfare platform within NTSC’s network. This platform activated 42 specialized tools designed to execute high-intensity attacks on multiple internal systems. The objective was to achieve lateral movement within the network and target a high-precision ground-based timing system, potentially disrupting its operations.
Tactics and Concealment Methods
The MSS detailed several tactics employed by the NSA to evade detection and attribution:
– Use of Virtual Private Servers (VPS): The NSA allegedly routed malicious traffic through VPSes located in the U.S., Europe, and Asia. This strategy was intended to obscure the true origin of the attacks.
– Forged Digital Certificates: To bypass antivirus software and other security measures, the NSA is accused of forging digital certificates, allowing malicious code to appear legitimate.
– High-Strength Encryption: The NSA purportedly employed robust encryption algorithms to erase traces of the attack, making forensic analysis and attribution more challenging.
China’s Response and Broader Accusations
The MSS stated that Chinese national security agencies successfully neutralized the attack and have since implemented additional security measures to safeguard NTSC’s operations. Beyond this specific incident, the MSS accused the U.S. of conducting persistent cyber attacks not only against China but also targeting regions in Southeast Asia, Europe, and South America. The MSS alleged that the U.S. leverages technological footholds in countries such as the Philippines, Japan, and Taiwan to launch these activities, thereby obscuring its involvement.
Furthermore, the MSS criticized the U.S. for what it described as a strategy of deflection, accusing the U.S. of promoting the China cyber threat theory to coerce other nations into amplifying claims of Chinese hacking incidents. This, according to the MSS, includes sanctioning Chinese enterprises and prosecuting Chinese citizens in an attempt to mislead the public and distort the truth.
Historical Context and Ongoing Cyber Tensions
This accusation is part of a series of cyber-related confrontations between China and the U.S. In September 2023, the MSS accused the NSA of infiltrating Huawei’s servers since 2009, alleging the theft of critical data and the implantation of backdoors. The MSS claimed that the NSA’s Computer Network Operations unit had conducted systematic attacks to plunder important data resources. Conversely, in July 2021, the U.S. and its allies accused China’s Ministry of State Security of orchestrating a massive cyber attack against Microsoft Exchange email servers, affecting thousands of organizations worldwide.
Implications and the Need for Cybersecurity Vigilance
The MSS’s recent allegations underscore the escalating cyber tensions between the U.S. and China. These incidents highlight the critical importance of robust cybersecurity measures to protect national infrastructure. As cyber threats become more sophisticated, nations must prioritize the development and implementation of comprehensive security strategies to safeguard sensitive systems and data.
