China claims it has captured NSA NOPEN cyber-weapon

China claims it has obtained a sample of malware used by the NSA to steal files, monitor and redirect network traffic, and remotely control computers to spy on foreign targets.

The software nasty, dubbed NOPEN, is built to commandeer selected Unix and Linux systems, according to Chinese Communist Party tabloid Global Times, which cites a report it obtained exclusively from the National Computer Virus Emergency Response Center. 

Most of the world’s servers run Linux, as well as just about every battery-powered device, hence the espionage tool’s interest in such systems. The NSA apparently used NOPEN to take over “a large number” of computers around the world, and the theft of data from this equipment has caused “inestimable losses,” the tabloid reported. The American malware would install a backdoor that, once activated, would allow miscreants to connect in, extract files, change the operation of the system, and explore the network for other resources to hijack or steal, it is claimed.

The NSA did not immediately respond to inquiries from The Register about NOPEN and other claims of spies doing spying in the article.

Obviously the Middle Kingdom would never stoop to such tactics itself: other than being the top spot for cyber-attacks against the US, the Microsoft Exchange Server debacle, and let’s not mention the cows.

This follows a similar Global Times report that claimed the NSA has been using cyber-weapons to attack almost 50 countries and regions for a decade with a specific focus on Chinese government agencies, high-tech firms, and military-related institutes. 

While it’s not out of the ordinary for Beijing to accuse Washington of cyber espionage and related attacks, NOPEN wouldn’t be the first time that NSA-developed offensive code landed in the wrong hands. Perhaps the most infamous example of this is the WannaCry ransomware attack in 2017, which used the NSA’s EternalBlue tool to exploit a vulnerability in Microsoft’s SMB file sharing services.

EternalBlue was stolen and leaked online before North Korean-backed criminals used it to attack hospitals, banks, and other businesses across 150 countries.

The Global Times also cites an anonymous Chinese cybersecurity expert who said NOPEN is the primary weapon in the NSA’s cyber arsenal. “The vast majority of the NSA’s arsenal consists of stealth fighters and submarines that can easily attack victims without their knowledge,” the expert reportedly said. ®