Beijing: Leading Chinese antivirus firm Qihoo 360 has claimed that hackers from the US Central Intelligence Agency (CIA) were involved in a decade-long cyber espionage operation against China, targeting several industries, including aviation, scientific research institutions, the petroleum industry, Internet companies and government agencies.
Qihoo 360 said it discovered and revealed cyber-attacks by the CIA hacking group (APT-C-39) which lasted for 11 years against China.
“The research also shows that a former CIA employee Joshua Adam Schulte was responsible for the research, development and production of cyber weapons,” the firm said in a statement on Wednesday.
During the group’s attacks against Chinese targets, he was employed at the CIA’s National Clandestine Service (NCS) as a Directorate of Science and Technology (DS&T) Intelligence Officer and was directly involved in the development of the cyber weapon code-named Vault 7.
The CIA is one of the principal intelligence-gathering agencies of the federal government of the US. This Langley, Virginia-based agency has four major directorates.
The CIA was yet to issue a statement on the Qihoo 360 report. The US rarely comments when accused of cyber espionage.
“Dating back to 2017, WikiLeaks received a ‘backup copy’ of the hacking materials from Joshua and disclosed 8,716 documents from the CIA of the US, including 156 confidential documents that record the CIA hacking group’s attack methods, targets, tools and technical specifications and requirements,” the report mentioned.
Qihoo 360 analysed the leaked Vault 7 material and, correlating it with its own team’s research, discovered a series of targeted attacks against various Chinese industries and institutions.
These 11-year attacks can be traced back to 2008 (spanning from September 2008 to June 2019), and were mainly distributed in provinces such as Beijing, Guangdong, and Zhejiang.
“In the CIA’s attack against Chinese aviation organisations and scientific research institutions, we found that attackers mainly targeted system developers in these sectors to carry out the campaigns,” said the firm.
These developers mainly work on civil aviation information technology, such as flight control systems, freight information services, settlement and distribution services, passenger information systems, etc.
“In fact, long-term and targeted intelligence-gathering with careful strategic deployment and large amount of resource investment are common activities of the CIA,” the report said, adding that in the past 11 years of infiltration attacks, CIA may have already grasped the most classified business information of China, even of many other countries in the world.
“It does not even rule out the possibility that CIA is able to track down the real-time global flight status, passenger information, trade freight and other related information,” the firm said.
In 2018, Joshua was arrested and prosecuted by the US Department of Justice for the Vault 7 leaks.
On February 4, 2020, at a public hearing in the federal court, the federal prosecutor alleged that Joshua had committed “the single biggest leak of classified national defense information in the history of CIA” by disclosing the agency’s secret hacking tools to WikiLeaks.
“The CIA Vault 7 weapons show that the United States has built the world’s largest cyber weapons arsenal. It has not only brought a serious threat to the global network security, but also demonstrated the APT organisation’s high technical capabilities and professional standards,” the report noted.
Qihoo 360 is a big cybersecurity vendor in China whose research is generally followed for the insight it offers into the country’s digital security world.