Qihoo 360, China's largest cyber security vendor, has issued a report accusing the CIA of hacking Chinese companies and government agencies over the past 11 years.
The report claims that the CIA hacked targets in China's aviation industry, scientific research institutions, petroleum industry, Internet companies, and government agencies. The main focus was the civil aviation industry, in China as well as in other countries.
According to the report, the CIA's hacking operations took place between September 2008 and June 2019, and most of the targets were located in Beijing, Guangdong, and Zhejiang.
According to Qihoo, the main aim of this campaign was “long-term and targeted intelligence-gathering” to track “real-time global flight status, passenger information, trade freight, and other related information.”
The cyber security firm states that it linked the attacks to the CIA based on the malware families used in the intrusions, Fluxwire and Grasshopper.
These malware families came to light in 2017 when WikiLeaks published the Vault 7 dump, a collection of documents describing the CIA's arsenal of cyber-weapons.
WikiLeaks received the files from CIA insider Joshua Schulte, who is currently on trial in the US.
After the Vault 7 disclosure, Symantec confirmed that Fluxwire was the Corentry malware it had been tracking for years.
Qihoo 360's researchers found that the technical details of most of the samples, such as control commands, compile-time PDB paths, and encryption schemes, are consistent with those in the Vault 7 documents.
They also stated that they found Fluxwire versions deployed in the wild long before the Vault 7 leaks became public.
The malware's compilation times are also consistent with US time zones, a method that US investigators have themselves used several times in the past to link malware samples to Chinese hackers.
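The compile-time heuristic mentioned above, as an added illustration that is not part of the Qihoo 360 report or of any vendor's tooling: it reads the COFF TimeDateStamp from PE images and scores every whole-hour UTC offset by how many builds fall inside a local working day. The PE stubs and their timestamps are constructed here, not real samples.

```python
import struct
from datetime import datetime, timedelta, timezone

def build_stub_pe(timestamp: int) -> bytes:
    """Constructed stand-in for a PE file: MZ header, e_lfanew, and a COFF
    header carrying the given TimeDateStamp. Not a real sample."""
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header starts at byte 64
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 1, timestamp, 0, 0, 0, 0)
    return bytes(dos) + coff

def compile_timestamp(pe: bytes) -> int:
    """Read the 32-bit Unix TimeDateStamp from a PE image's COFF header."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return struct.unpack_from("<I", pe, e_lfanew + 8)[0]  # after Machine(2) + NumberOfSections(2)

def best_fit_utc_offsets(timestamps, work_start=8, work_end=18):
    """Score every whole-hour UTC offset by how many compile times land in local
    working hours [work_start, work_end). Returns (best_offsets, hits, total).
    Caveat: the stamp is attacker-controlled (it can be zeroed or forged), so this
    is a weak signal to corroborate with other evidence, not proof of origin."""
    scores = {}
    for offset in range(-12, 15):
        tz = timezone(timedelta(hours=offset))
        scores[offset] = sum(
            work_start <= datetime.fromtimestamp(ts, tz).hour < work_end for ts in timestamps
        )
    top = max(scores.values())
    return sorted(o for o, s in scores.items() if s == top), top, len(timestamps)

# Constructed corpus: five stubs whose UTC build hours cluster in a US East Coast
# working day (13:00-21:00 UTC on weekdays of the first week of March 2018).
SAMPLE_FILES = [
    build_stub_pe(int(datetime(2018, 3, 5 + i, hour, tzinfo=timezone.utc).timestamp()))
    for i, hour in enumerate((13, 15, 17, 19, 21))
]

def analyze(files=SAMPLE_FILES):
    return best_fit_utc_offsets([compile_timestamp(f) for f in files])

if __name__ == "__main__":
    offsets, hits, total = analyze()
    print(f"{hits}/{total} samples built in working hours at UTC offsets {offsets}")
```

On the constructed corpus the best-fitting offsets are UTC-5 and UTC-4 (US Eastern standard and daylight time), while UTC+8 scores zero; on real samples the same stamps could just as well have been set deliberately to produce that pattern.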
Most of the information in the Qihoo report was already known to the public and confirmed from various sources more than three years ago.
The only new information in the report is the specific targets that were allegedly hacked by the CIA in China.
Qihoo tracks the CIA's hacking operations under the codename APT-C-39. Other cyber-security vendors have also published reports on the same activity, which Symantec tracks as Longhorn and Kaspersky as Lamberts.
In September 2019, cyber-security firm Qi An Xin also published a similar report blaming the CIA for hacks against Chinese aviation targets between 2012 and 2017.
However, the Qihoo 360 report, like the Kaspersky and Symantec reports, did not present any evidence that the CIA had broken the norms of cyber-espionage.
The Qihoo 360 report might nonetheless play a role in changing how the Beijing government deals with the US and its offensive hacking operations.