In October 2025, China’s Ministry of State Security (MSS) issued a statement via its official WeChat account, accusing the United States of engaging in a sophisticated cyber espionage campaign targeting China’s National Time Service Center (NTSC). The NTSC, an institution under the Chinese Academy of Sciences, is responsible for generating and maintaining China’s standard time, which is crucial for a variety of national systems, including telecommunications, transportation, and financial services. The MSS alleges that the U.S. National Security Agency (NSA) launched a long-term cyber operation against the NTSC that began in early 2022 and continued throughout 2023 and 2024. The purported objective of the operation was to disrupt China’s high-precision timing systems, with potential risks for critical national infrastructure.
Objectives of the Alleged Cyberattacks
According to the MSS, the NSA’s alleged cyber espionage campaign was aimed at destabilizing China’s timekeeping systems, which could have far-reaching consequences for sectors such as telecommunications, finance, electricity, transportation, and national defense. High-precision time synchronization is vital for the smooth functioning of these systems, and any disruption could cause severe operational and financial instability. The MSS claims that the attacks were designed to interfere specifically with China’s ground-based timing systems, which are integral to national infrastructure operations.
Methods of the Alleged Attacks
The MSS outlined several tactics allegedly employed by the NSA during the course of its cyberattacks on the NTSC. One of the primary techniques mentioned was the exploitation of a vulnerability within a foreign smartphone brand’s messaging service. According to the MSS, this vulnerability allowed the NSA to gain access to mobile devices used by NTSC staff in 2022, thereby enabling further infiltration into the institution’s systems. Additionally, the MSS claims that the NSA used stolen login credentials to infiltrate NTSC’s internal networks, facilitating the extraction of sensitive data.
Furthermore, the MSS alleges that the NSA deployed 42 specialized cyberattack tools to maintain persistent access to NTSC systems. These cyber weapons were purportedly used to exfiltrate data and gather intelligence, all while staying under the radar of detection. The MSS also notes that the attacks were carefully timed to occur during late-night to early-morning hours in Beijing, thereby minimizing the risk of detection and maximizing the effectiveness of the operation.
Potential Impact of the Alleged Attacks
The potential impact of the alleged cyberattacks, if proven true, could have serious consequences for China’s national infrastructure. Disruption to the NTSC’s high-precision timing systems could lead to significant issues in various sectors, including telecommunications and finance. The MSS suggests that blackouts or telecommunications outages could result from such disruptions, while destabilization of financial markets and potential disruptions to transportation and aerospace launches are also plausible. Given that precise timing is integral to the functioning of many systems, even a small disturbance could trigger widespread operational failures.
U.S. Government’s Response to the Allegations
The U.S. government has yet to directly confirm or deny the specific claims made by the MSS. The NSA, when asked about the allegations, has emphasized its focus on defending U.S. national interests, particularly against foreign adversaries. A spokesperson for the U.S. Embassy in Beijing reinforced the U.S. position by labeling China as “the most active and persistent cyber threat” targeting both U.S. government and private-sector networks. This response is in line with previous U.S. statements about the growing threat posed by China in cyberspace.
Simultaneously, the U.S. government has issued counterclaims against China, accusing it of engaging in cyber espionage campaigns targeting critical sectors, including telecommunications and finance. In April 2025, for instance, China was accused of breaching the U.S. Treasury Department through a remote-management software vendor. The U.S. has also alleged that Chinese hackers compromised networks related to the 2024 Asian Winter Games. These counterclaims contribute to the broader context of ongoing cyber espionage allegations between the two nations.
Broader Context of US-China Cyber Relations
The allegations made by the MSS are not isolated. For years, both the U.S. and China have engaged in a series of mutual accusations of cyberattacks. In 2013, former NSA contractor Edward Snowden revealed that the NSA had infiltrated Huawei’s networks as part of a broader surveillance program. In response, China has consistently accused the U.S. of engaging in "cyber hegemony," arguing that Washington has sought to dominate global cyber relations and has pushed a negative narrative about China’s cyber activities on the world stage. This tension has been exacerbated by other geopolitical issues, including trade disputes and military presence in the Indo-Pacific region.
In 2024, the U.S. Treasury imposed sanctions on a Chinese firm, Integrity Technology Group, which was allegedly linked to the "Flax Typhoon" hacking campaign, a significant operation that affected hundreds of thousands of devices worldwide. This incident further fueled the ongoing cyber conflict, with both sides accusing each other of undermining global cybersecurity norms.
Allegations Regarding U.S. Tactics and Operations
The MSS (Chinese Ministry of State Security) also detailed the geographical scope of the alleged NSA operations. According to the Chinese Ministry, the U.S. launched cyberattacks using virtual private networks (VPNs) and springboarded these operations from various countries, including the Philippines, Japan, Taiwan, and parts of Europe. This strategic use of third-party locations is claimed to have helped the NSA obscure its origins and evade detection.
The MSS specifically points to the use of 42 distinct "cyber weapons" by the NSA, which were allegedly deployed to infiltrate the NTSC’s systems. These tools were reportedly used to maintain persistent access to the network, extract sensitive data, and disrupt the high-precision timing infrastructure. The MSS also emphasizes that the NSA carefully timed the attacks to coincide with hours of vulnerability in the Beijing time zone, namely during the late-night to early-morning period, when Chinese systems would be least likely to detect such incursions.
China’s Criticism of U.S. Cybersecurity Practices
In addition to the specific allegations against the NSA, the MSS has expressed broader criticisms of U.S. actions in cyberspace. According to China, the U.S. has exhibited double standards by accusing China of cyber threats while allegedly engaging in similar activities itself. The MSS claims that the U.S. “tramples on international cyberspace rules,” coercing other nations to align with its stance on Chinese cyber threats while downplaying its own actions in the cyber domain. However, the MSS has not provided forensic evidence or specific indicators of compromise (IOCs) to substantiate its claims, which has led to further skepticism about the veracity of the accusations.
Looking Ahead
The allegations and counterclaims between the U.S. and China are likely to continue escalating, particularly as both nations vie for technological and geopolitical dominance. Given the centrality of cybersecurity to national security, both countries are expected to ramp up their efforts in cyber defense and offensive capabilities. The ongoing back-and-forth over cyber espionage is likely to contribute to further sanctions, technological bans, and possibly retaliatory cyber operations. As tensions between the two superpowers rise, cybersecurity will remain a critical flashpoint in their bilateral relations, shaping not only their diplomatic interactions but also the future of global cybersecurity norms.
0 Comments