US spies have been hacking into Chinese aviation, energy, internet and even government sectors for more than a decade, Beijing-based cybersecurity firm Qihoo 360 said after a probe based on “Vault7” tools published by WikiLeaks.
Coming from a major and reputable Chinese cybersecurity vendor, the accusations – made public on Monday on the company’s blog, in both English and Chinese – carry extra weight. According to Qihoo, a group of hackers designated APT-C-39 has been confirmed as coming from the US Central Intelligence Agency.
The attacks were traced as far back as September 2008, with the greatest concentration of targets in Beijing, Guangdong and Zhejiang provinces, the company said. Among the targeted sectors were civil aviation, scientific research institutions, oil and petroleum industries, internet companies and the Chinese government.
The cybersecurity firm concluded that the attack was initiated by a “state-level hacking organization” because the hackers had used “CIA-exclusive cyber weapons” such as Fluxwire and Grasshopper – long before those tools were publicly revealed to have been developed by US spies, when WikiLeaks published the so-called “Vault7” cache of documents in March 2017.
Control commands and encryption schemes of APT-C-39 also lined up with Vault7 disclosures, while compilation times matched “North American business hours,” Qihoo said.
The CIA coder accused of leaking the documents, Joshua A. Schulte, is currently on trial for espionage in the US.
Another Chinese antivirus company, Qi-Anxin, published a report in September 2019 also accusing the CIA of hacking Chinese companies, notably the aviation sector. Qi-Anxin’s research was also based on analyzing CIA software made public by WikiLeaks.