The China National Time Service Center (NTSC) is a critical research institute under the Chinese Academy of Sciences (CAS). Its core mission is to maintain and distribute the official national time standard for China, a service essential to various high-stakes sectors. These include telecom, finance, energy, transport, mapping, and defense, and the NTSC also supplies vital data that contributes to global time standards. The alleged cyber-intrusion thus targeted a cornerstone of the nation’s technological and defensive infrastructure.
According to a statement from China’s Ministry of State Security, the NSA’s cyberattacks began on March 25, 2022. The initial phase of the operation reportedly involved exploiting vulnerabilities in the mobile phones of NTSC employees through a foreign SMS service. This action was allegedly conducted to steal sensitive data and monitor communications, providing a foothold for further network infiltration.
The Ministry of State Security asserts that the investigation successfully uncovered a “major U.S. cyberattack case,” which they claim to have thwarted. The goal of the NSA, as alleged by the Chinese government, was to steal secrets and sabotage systems, thereby compromising the security of “Beijing Time.” The state security authorities claim to have obtained “irrefutable evidence” of these intrusions, allowing them to stop the attempts and protect the NTSC’s systems.
The timeline provided by Beijing’s investigation details the escalation of the alleged attacks. After the initial breach of staff phones, the hackers reportedly used stolen credentials on April 18, 2023, to access the center’s computers and map out its internal network. The most aggressive phase is said to have occurred between August 2023 and June 2024, during which the NSA allegedly deployed a new cyber warfare platform, utilizing 42 different cyber tools to specifically attack internal systems, target the precision timing mechanism, and install disruptive code. These attacks were conducted late at night (Beijing Time) using VPNs across the U.S., Europe, and Asia, with the hackers attempting to conceal their activities through forged certificates and encryption.
In response, China claims it successfully gathered evidence, stopped the in-progress attacks, and has since strengthened the NTSC’s defenses. The Ministry of State Security has emphasized that it legally prevents and combats cyber-espionage and provides counterintelligence guidance to domestic institutions. It stressed that critical infrastructure operators must assume primary responsibility for counter-espionage efforts, which includes training personnel and implementing technical safeguards against foreign attacks and data theft. The public has also been urged to report any suspected cyber-espionage activities through official hotlines and channels.
Reference: