Chinese security firm says CIA hacked Chinese targets for the past 11 years

China’s largest cyber-security vendor has published today a report accusing the CIA of hacking Chinese companies and government agencies for more than 11 years.

The report, authored by Qihoo 360, claims the CIA hacked targets in China’s aviation industry, scientific research institutions, petroleum industry, Internet companies, and government agencies.

CIA hacking operations took place between September 2008 and June 2019, and most of the targets were located in Beijing, Guangdong, and Zhejiang, Qihoo researchers said.

cia-hacking.png
Image: Qihoo 360

Qihoo claims that a large part of the CIA’s hacking efforts focused on the civil aviation industry, both in China and in other countries.

The Chinese security firm claims the purpose of this campaign was “long-term and targeted intelligence-gathering” to track “real-time global flight status, passenger information, trade freight, and other related information.”

Report based on Vault 7 leaks

Qihoo says it linked the attacks to the CIA based on the malware used in the intrusions — namely Fluxwire [1, 2, 3] and Grasshopper [1, 2].

Both malware strains came to light in early 2017 when Wikileaks published the Vault 7 dump, a collection of documentation files detailing the CIA’s arsenal of cyber-weapons.

WikiLeaks claimed it received the files from a CIA insider and whistleblower, later identified as Joshua Schultz — currently under trial in the US.

Weeks after the WikiLeaks Vault 7 revelations, Symantec confirmed that Fluxwire was the Corentry malware that they had been tracking for years.

Source: Chinese security firm says CIA hacked Chinese targets for the past 11 years | ZDNet