CIA Hacking Group Conducts Cyber Attack on China Since 2008 - Qihoo 360
The Chinese internet security company Qihoo 360 published a new report accusing the U.S. Central Intelligence Agency (CIA) of an 11-year-long cyberattack campaign against several Chinese industries and government agencies.
Qihoo researchers said that CIA hacking operations occurred between September 2008 and June 2019, and a majority of the targets were situated in Beijing, Guangdong, and Zhejiang.
Qihoo 360 discovered and revealed cyber-attacks by the CIA hacking group (APT-C-39) which lasts for eleven years against China. https://t.co/od4W25ae8N
— 360 Total Security (@360TotalSec) March 4, 2020
The CIA targeted several industries in China, including aviation organisations, scientific research institutions, the petroleum industry, Internet companies, and government agencies. Most of the targets were located in Beijing, Guangdong, and Zhejiang.
The Central Intelligence Agency (CIA) is a U.S. government intelligence agency whose operations include spying on foreign individuals, companies, and governments around the world, analysing data collected by other agencies, reporting national intelligence to U.S. decision-makers, and more.
Both malware strains emerged in early 2017 when WikiLeaks published the Vault 7 dump, a bundle of documentation files detailing the CIA’s arsenal of cyber-weapons.
The Vault 7 leaks played a significant role in this discovery. In them, WikiLeaks disclosed 8716 documents (including 156 top-secret documents) from a CIA “backup” copy that records in detail the CIA hacking group’s attack methods, targets, powerful tools, and technical specifications and requirements.
The Chinese investigators also claim they identified Fluxwire versions deployed in the wild long before the Vault 7 leaks became public, with discovery times corresponding to the now-public Fluxwire changelog.
Evidence found by Qihoo 360 that reveals APT-C-39 is affiliated with the CIA:
Evidence 1: APT-C-39 makes extensive use of cyber weapons exclusive to the CIA’s Vault 7 project.
Evidence 2: The technical details of most APT-C-39 samples are consistent with those described in the Vault 7 documents.
Evidence 3: Before WikiLeaks disclosed the Vault 7 cyber weapons, APT-C-39 had already used the relevant cyber weapons against targets in China.
Evidence 4: Some attack weapons used by APT-C-39 are associated with the NSA.
Evidence 5: The compilation times of the APT-C-39 group’s weapons fall in the U.S. time zone.
APT-C-39 discovery (CIA hack group)
Researchers from Qihoo 360 dug deeper into the leaked documents and found that tools in the Vault 7 arsenal had been used in a series of targeted hacking attacks on Chinese organisations and government agencies.
According to the researchers' report, these attacks are attributed to a U.S.-related APT organisation, namely APT-C-39. They also found that the attackers mainly targeted system developers in Chinese aviation organisations and scientific research sectors to carry out the campaigns.
The CIA (APT-C-39) is also accused of attacking the civil aviation technology sector not only in China but also across hundreds of commercial airlines in other nation states.
Researchers also believe that over these 11 years, the CIA might have already gathered a wide variety of China's most classified business information, and even that of many other countries in the world.
Tracked Down the Key Figure of CIA Cyber Arsenal R & D
Qihoo 360 identified a CIA employee, Joshua Adam Schulte, who “was responsible for the research, development, and production of cyber weapons” unleashed during the prolonged spying campaign.
Joshua was employed at the CIA’s National Clandestine Service (NCS) as a Directorate of Science and Technology (DS&T) Intelligence Officer. He misused his administrator privileges over the core machine room and a preset backdoor to steal the classified Vault 7 documents and disclosed them to WikiLeaks, which published them on its website in 2017.
They claim Joshua was “directly involved in the development of the cyber weapon – Vault 7,” which they say was used by the alleged CIA hacking group APT-C-39.
Joshua was arrested in 2018 and prosecuted by the U.S. Department of Justice. On February 4, 2020, at a public hearing in the federal court, the federal prosecutor alleged that Joshua, as the core developer and the person in charge of the highest administrator authority of its internal arsenal.