CIA Hacking Group Conducts Cyber Attack on China Since 2008 - Qihoo 360
The Chinese internet security company Qihoo 360 published a new report accusing the U.S. Central Intelligence Agency (CIA) of an 11-year-long Cyberattack against several Chinese industries and government agencies.
Qihoo researchers said that CIA hacking operations occurred between September 2008 and June 2019, and a majority of the targets were situated in Beijing, Guangdong, and Zhejiang.
The CIA targets several industries in China, including aviation organizations, scientific research institutions, petroleum industry, Internet companies, and government agencies. Most of the targets were located in Beijing, Guangdong, and Zhejiang.
The Central Intelligence Agency (CIA) is the U.S originated Government based Intelligence Agency involved in various operations such as spying on foreign individuals, companies, and governments information from around the world, analyzing the data collected by other agencies, reporting the national intelligence assignment to the U.S decision-makers and more.
Both malware strains emerged in early 2017 when Wikileaks published the Vault 7 dump, a bundle of documentation files specifying the CIA's arsenal of cyber-weapons.
Vault 7 leaks that played a significant role in this discovery, in which Wikileaks disclosed 8716 documents (including 156 top secrets Document) from the CIA "Backup" Copy "that contains detailly records of the CIA hacking group's attack methods, targets, Powerful tools, and technical specifications and requirements.
The Chinese investigators also claim they established Fluxwire versions organized in the wild long before the Vault 7 leaks became public, with discovery times corresponding to the now-public Fluxwire changelog.
Evidence found by Qihoo 360 reveals that APT-C-39 is Affiliated with the CIA.
- Evidence 1: APT-C-39 uses massive exclusive cyber weapons in the CIA's Vault 7 project.
- Evidence 2: The technical details of most samples of the APT-C-39 are consistent with the ones described in the Vault 7 documents.
- Evidence 3: Before WikiLeaks disclosed the Vault 7 cyber weapon, the APT-C-39 already used relevant cyberweapons against China targets.
- Evidence 4: Some attack weapons used by the APT-C-39 are associated with the NSA.
- Evidence 5: APT-C-39 group's weapons compilation time is located in the U.S. time zone. APT-C-39 discovery (CIA hack group)
Researchers from Qihoo 360 dig deeper into the leaked documents and found that the Vault 7 Arsenal tools have been used to perform some of the series of targeted hacking attacks on Chinese organizations and government agencies.
Based on the researcher's report, These attacks are attributed to a U.S.-related APT organization. In essence, APT-C-39 found that the attackers mainly targeted the system developers in Chinese aviation organizations and scientific research sectors to carry out the campaigns.
CIA(APT-C-39 ), also accused of attacking the technology sectors of civil aviation, are not only in China but also involves hundreds of commercial airline national states.
Also, researchers believed that these 11 years, the CIA might have already gathered a variety of data of the most classified business information of China, even of many other countries in the world.
Tracked Down the Key Figure of CIA Cyber Arsenal R & D
Qihoo 360 figured out a CIA employee, Joshua Adam Schulte, "was responsible for the research, development, and production of cyber weapons" unleashed during the prolonged spying campaign.
Joshua was employed at the CIA's National Clandestine Service (NCS) as a Directorate of Science and Technology (DS&T) Intelligence Officer. Joshua misused his admin privilege of the core machine room and a preset backdoor to steal the classified documents of Vault 7 and disclosed them to Wikileaks, which was published on the Wikileaks website in 2017.
They claim Joshua was "directly involved in the development of the cyber weapon – Vault 7," which they say was used by the alleged CIA hacking group APT-C-39.
Joshua was arrested in 2018 and prosecuted by the U.S. Department of Justice. On February 4, 2020, at a public hearing in the federal court, the federal prosecutor alleged that Joshua, as the core developer and the person in charge of its internal arsenal's highest administrator authority.