Qihoo 360: CIA was monitoring Chinese industries for 11 years

Security researchers claim that CIA hacked Chinese industries and government agencies to obtain intelligence information

Qihoo 360 security researchers reported that the CIA conducted cyber-espionage in China over an 11-year period

The CIA (Central Intelligence Agency) was conducting cyber-espionage activities against Chinese government institutions and various industries, as the report by Qihoo 360, published on Tuesday, claims.[1] Qihoo 360, one of the most reputable cybersecurity firms, became the second vendor (after Qi An Xin)[2] to accuse the CIA of hacking activities that lasted for more than 11 years, from September 2008 to June 2019.

According to the report, the CIA (referred to as hacking group APT-C-39) conducted a series of hacking attacks over time against numerous corporations in sectors such as scientific research, aviation, petroleum, and IT communications, as well as government agencies, primarily located in the Beijing, Guangdong, and Zhejiang regions.

The Chinese cybersecurity firm also said that hacking tools like Fluxwire and Grasshopper were not used against China alone:

We speculate that in the past eleven years of infiltration attacks, CIA may have already grasped the most classified business information of China, even of many other countries in the world.

Vault 7, Joshua Schulte and WikiLeaks

One of the report's major focuses is Joshua Adam Schulte, a former CIA employee and whistleblower who was heavily involved in cyberattacks and also created “cyber weapons” used against China.

Schulte was born in 1988 in Texas, US, and, after graduating from the University of Texas, quickly landed a position at the CIA in 2010. “Proficient in the design and development of cyber weapons and possessing knowledge of intelligence operations, Joshua became one of the core backbones of the CIA's many important hacking tools,” the Qihoo 360 report said.

Abusing his administrator privileges, Schulte managed to place a backdoor on the CIA's systems and obtained classified information, which he shared with WikiLeaks in March 2017. The published 8716 documents (dubbed Vault 7) included information about the agency's attack methods, tools, worldwide targets, and other sensitive details:

Qihoo 360 analysis found that the technical details of most of the samples are consistent with the ones in the Vault 7 document, such as control commands, compile pdb paths, encryption schemes.

For this, Joshua Schulte was arrested and charged with various criminal offenses by the U.S. Department of Justice. On February 4, 2020, he was accused of being a direct cause of “the single biggest leak of classified national defense information in the history of CIA.”

The leaked materials, along with Symantec's findings[3] about the Fluxwire malware, provided Chinese researchers with several pieces of evidence about the CIA's cyber-espionage activities throughout the past 11 years.

China might pursue legal action against the CIA

Chinese security researchers provide five different pieces of evidence within the report. While most of the evidence was based on the Vault 7 data dump, a substantial amount of new information was published about the CIA's focus on the aviation industry.[4] Qihoo 360 said that the CIA gathered a variety of data, including passenger information:

In the CIA's attack against Chinese aviation organizations and scientific research institutions, we found that attackers mainly targeted system developers in these sectors to carry out the campaigns. These developers are mainly engaged in works like information technology of civil aviation, such as flight control system, freight information services, settlement and distribution services, passenger information system, etc.

Researchers said they believe the CIA is now capable of tracking passenger and freight flight movements around the globe in real time, and they wondered “what unexpected things will the CIA do if it has such confidential and important information.”

Shortly after the report was published, multiple Chinese regime-supporting news outlets began to publish reports calling for sanctions against the US's cyber-espionage activities against China.[5] The call for legal action does not come as a surprise, as the US has also charged multiple Chinese nationals with conducting cyberattacks against US companies like Equifax.[6]

About the author

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
