China Accuses US of Hacking Major Encryption Firm
Beijing is accusing Washington of launching a high-stakes cyber offensive against a key player in China’s encryption industry.
US intelligence operatives allegedly broke into vital Chinese networks in 2024 using sophisticated hacking tools, according to a report released by China’s National Computer Network Emergency Response Technical Team (CNCERT). The breach reportedly zeroed in on cryptography research and led to the theft of substantial amounts of sensitive corporate and state data.
Hackers reportedly breached the company’s defenses by exploiting a hidden flaw in its customer relationship management (CRM) software. Once inside, they deployed a custom Trojan designed to maintain control and execute commands remotely.
The malware’s structure and stealthy behavior allegedly closely resembled digital weapons previously tied to US intelligence services.
“The Trojan used shows clear similarities with offensive tools previously employed in US intelligence agency operations,” the CNCERT report claims.
CNCERT pointed to what they said was a familiar playbook: the attackers moved laterally across systems using advanced backdoors and remote access tools. The tactics, they said, closely mirrored those linked to the TUTELAGE program, a covert cyber framework detailed in past intelligence findings.
Adding to the suspicions, the hackers operated mostly during American business hours, a timing pattern that Chinese investigators view as further proof of US involvement. Once inside the network, the attackers launched a carefully orchestrated data heist, relying on stealth tactics like constant IP changes and thorough log wiping to stay under the radar.
“Attackers extensively used open-source or generic tools to hide and confuse analysis, temporarily implanting common web Trojans in compromised systems, and systematically deleting logs and malicious files to hinder detection and response activities,” the report reads.
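The anti-forensic behaviour the report describes (short-lived web Trojans, systematic log deletion, frequent source-address changes, and activity clustered in one time zone's working hours) is detectable from ordinary file and process audit data. The following is an added illustration written for this article, not code from CNCERT or from the report; the audit events, hosts, addresses and thresholds are all constructed for the example, and the working-hours window (13:00 to 22:00 UTC) is an assumed approximation of US Eastern business hours.

```python
"""Heuristic triage for the anti-forensic patterns described in the article.

Added example; nothing here comes from the CNCERT report. All events below are
constructed: (timestamp, host, source ip, action, target path).
"""
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_EVENTS = [  # constructed sample audit log
    ("2024-03-12T14:02:10Z", "crm01", "203.0.113.5",  "write",  "/var/www/html/upload/tmp.php"),
    ("2024-03-12T14:03:45Z", "crm01", "203.0.113.5",  "exec",   "/var/www/html/upload/tmp.php"),
    ("2024-03-12T14:09:30Z", "crm01", "203.0.113.77", "delete", "/var/www/html/upload/tmp.php"),
    ("2024-03-12T14:10:02Z", "crm01", "203.0.113.77", "delete", "/var/log/apache2/access.log"),
    ("2024-03-12T14:10:05Z", "crm01", "198.51.100.9", "delete", "/var/log/auth.log"),
    ("2024-03-12T15:30:00Z", "crm01", "10.0.0.4",     "write",  "/var/www/html/index.php"),
    ("2024-03-13T09:00:00Z", "crm01", "10.0.0.4",     "write",  "/var/log/app/report.csv"),
]

WEB_ROOTS = ("/var/www/",)                              # assumed web document roots
SHELL_EXTS = (".php", ".jsp", ".jspx", ".aspx", ".ashx")  # server-side script types
LOG_DIRS = ("/var/log/",)                               # assumed log locations


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def short_lived_webshells(events, max_age=timedelta(minutes=30)):
    """Script written under a web root and deleted again within max_age.

    Returns (host, path, lifetime_seconds) per hit; the pattern matches a
    temporarily implanted web Trojan rather than a normal deployment.
    """
    writes, hits = {}, []
    for ts, host, _ip, action, target in events:
        if not (target.startswith(WEB_ROOTS) and target.lower().endswith(SHELL_EXTS)):
            continue
        t, key = parse_ts(ts), (host, target)
        if action == "write":
            writes[key] = t
        elif action == "delete" and key in writes and t - writes[key] <= max_age:
            hits.append((host, target, int((t - writes[key]).total_seconds())))
            del writes[key]
    return hits


def log_wiping(events):
    """Any deletion of a file under a log directory is worth an alert."""
    return [(host, target) for _ts, host, _ip, action, target in events
            if action == "delete" and target.startswith(LOG_DIRS)]


def ip_churn(events, window=timedelta(minutes=15), min_ips=3):
    """One host touched from min_ips or more distinct source addresses inside one window."""
    by_host = defaultdict(list)
    for ts, host, ip, *_rest in events:
        by_host[host].append((parse_ts(ts), ip))
    hits = []
    for host, seq in by_host.items():
        seq.sort()
        for t0, _ip in seq:
            ips = {ip for t, ip in seq if t0 <= t <= t0 + window}
            if len(ips) >= min_ips:
                hits.append((host, t0.strftime("%Y-%m-%dT%H:%M:%SZ"), sorted(ips)))
                break  # one finding per host is enough for triage
    return hits


def working_hours_fraction(events, start_hour=13, end_hour=22):
    """Share of events whose UTC hour falls in [start_hour, end_hour).

    The default window is an assumed approximation of US Eastern office hours;
    a high value is only a weak signal and must be combined with the others.
    """
    if not events:
        return 0.0
    in_window = sum(1 for ts, *_rest in events if start_hour <= parse_ts(ts).hour < end_hour)
    return round(in_window / len(events), 2)


def triage(events):
    """Bundle the four heuristics into one report dict."""
    return {
        "short_lived_webshells": short_lived_webshells(events),
        "log_wiping": log_wiping(events),
        "ip_churn": ip_churn(events),
        "working_hours_fraction": working_hours_fraction(events),
    }


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {finding}")
```

On the constructed events the triage flags a web script that lived for 440 seconds, two log deletions, three distinct source addresses hitting the same host inside fifteen minutes, and 86 % of activity inside the assumed working-hours window. The timing heuristic is deliberately reported as a fraction rather than a verdict: on its own it is the weakest of the four signals, which is also why the article presents it as corroboration rather than proof.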
They eventually breached a secure code repository housing proprietary cryptographic algorithms. Among the stolen information were personal details of more than 600 registered users, an extensive database of over 8,000 customer profiles, and upwards of 10,000 contract records, many of which were tied to government departments and high-security institutions.