CIA Accused of Mounting 11-Year Cyber-Attack Against China

A security company has accused America's Central Intelligence Agency (CIA) of waging an 11-year campaign of cyber-espionage against critical industries in the People's Republic of China.

Qihoo 360 announced yesterday that it had "discovered and revealed cyber-attacks by the CIA hacking group (APT-C-39) which lasts for eleven years against China."

The company claims to have evidence that several different industry sectors have been targeted by the CIA's cyber-spying campaign, including aviation organizations, scientific research institutions, the petroleum industry, internet companies, and government agencies.

Further claims are made that the CIA also targeted hundreds of commercial airlines in countries other than the PRC. 

Researchers said a former CIA employee, Joshua Adam Schulte, "was responsible for the research, development and production of cyber weapons" unleashed during the prolonged spying campaign.

According to Qihoo 360, Schulte was employed at the CIA’s National Clandestine Service (NCS) as a Directorate of Science and Technology (DS&T) Intelligence Officer. They claim Schulte was "directly involved in the development of the cyber weapon - Vault 7," which they say was used by the alleged CIA hacking group APT-C-39. 

Evidence of the existence of a hacking tool with the code name Vault 7 was among the 8,716 CIA documents disclosed to WikiLeaks in 2017 and subsequently made public, wrote the researchers. 

They allege that the document cache included 156 confidential documents that provide a record of the CIA hacking group’s attack methods, targets, tools, and technical specifications and requirements. 

Researchers wrote: "Qihoo 360 analyzed the leaked material of Vault 7 and associated with the team’s researches, it discovered a series of targeted attacks against China's aviation industry, scientific research institutions, petroleum industry, large Internet companies and government agencies. 

"These eleven-year attacks can be traced back to 2008 (spanning from September 2008 to June 2019), and are mainly distributed in provinces such as Beijing, Guangdong, and Zhejiang." 

According to Qihoo 360, APT-C-39 has used CIA-exclusive cyber-weapons such as Fluxwire and Grasshopper to carry out cyber-attacks against China.

Since being established in 2014, the company claims to have discovered more than 40 APT hacking groups and "a number of APT operations" launched against the PRC by other countries.
