Qihoo 360, the leading cyber security vendor in China, today published a report accusing the CIA of hacking operations against Chinese companies and government services for more than 11 years. Specifically, it claims that the CIA's hacking targets were the aviation industry, scientific research institutes, the oil industry, internet companies and government services of China. According to Qihoo researchers, the CIA hacking operations took place between September 2008 and June 2019, with most of the targets located in Beijing, Guangdong and Zhejiang.
Qihoo notes that much of the CIA's hacking activity focused on the civil aviation industry, both in China and elsewhere. The Chinese security firm says the purpose of this campaign was the long-term, targeted collection of information on flights worldwide, passengers, freight transport and other related information.
The reason Qihoo links the intrusions it observed to the CIA is the malware used during the attacks, namely Fluxwire and Grasshopper. Both of these malware families were exposed in early 2017 when WikiLeaks published Vault 7, a collection of files describing the CIA's hacking tools.
WikiLeaks claimed to have received the files from a whistleblower working for the CIA, later identified as Joshua Schulte, whose case is currently before a US court. Shortly after the WikiLeaks Vault 7 revelations, Symantec confirmed that Fluxwire was the malware it had been tracking for years under the name Corentry. Qihoo 360's analysis found that the technical details of most samples matched those in Vault 7, such as control commands, PDB paths and encryption schemes. The Chinese researchers also claim to have found versions of Fluxwire developed long before the Vault 7 leaks were released, with detection dates matching the publicly leaked Fluxwire changelog.
In addition, Qihoo researchers claim that the malware's development hours correspond to US time zones. This is a common technique that US researchers have used many times in the past to attribute malware to Chinese hackers.
The Qihoo report, however, does not reveal anything new. Most of the information in the report was already known three years ago. The only new information in the Qihoo report is the specific targets allegedly compromised by the CIA in China, information that was not known before today's publication on Qihoo's blog.
In its report, Qihoo tracks the CIA hacking group under the code name APT-C-39. The same CIA hacking group is also known by the names Longhorn (Symantec) and Lamberts (Kaspersky). Qihoo 360 is now the second Chinese security vendor in the past six months to publicly accuse the CIA of hacking operations against China.
At the end of September 2019, the cyber security company Qi An Xin published a similar report accusing the CIA of malicious activity against Chinese aviation targets between 2012 and 2017. The Qi An Xin researchers did not, however, link the group behind these activities to a specific country, but instead called the hackers "Rattlesnake", inspired by the name of a snake that inhabits the southeastern parts of the US and some parts of Mexico.