Core Viewpoint - A report by the China Cybersecurity Association reveals a cyber attack by a U.S. intelligence agency on a major Chinese commercial encryption product provider, posing risks to national cybersecurity and affecting financial transactions that rely on commercial encryption [1][2]. Group 1: Cyber Attack Details - The attack utilized a vulnerability in a customer relationship management system, allowing attackers to upload arbitrary files and delete logs to cover their tracks [1]. - The attack timeline indicates that the attackers implanted a specialized Trojan on March 5, 2024, and began targeting the company's code management system on May 20, 2024, primarily during U.S. business hours [1][2]. Group 2: Data Theft and Impact - From March to September 2024, attackers connected through 14 foreign IPs to steal 950MB of data from the customer relationship management system, which included over 600 users and more than 10,000 contract orders [2]. - Between May and July 2024, 6.2GB of data was stolen from the code management system, which contained critical information on three password research projects [2]. Group 3: Implications for National Security - The stolen data included procurement information from various government units and code information for password research projects, indicating an intent to exploit vulnerabilities in China's domestic encryption products [2]. - The potential consequences of compromised commercial encryption products could be severe, affecting critical information infrastructure and daily life security [3].