today published a new report accusing the U.S. Central Intelligence
Agency (CIA) of being behind an 11-year-long hacking campaign against
several Chinese industries and government agencies.
The targeted industry sectors include aviation organizations,
scientific research institutions, petroleum, and Internet
companies—which, if true, gives the CIA the ability to do
“unexpected things.”
According to the researchers, these cyberattacks were carried
out between September 2008 and June 2019, and most of the targets
were located in Beijing, Guangdong, and Zhejiang.
“We speculate that in the past eleven years of infiltration
attacks, the CIA may have already grasped the most classified
business information of China, even of many other countries in the
world,” the researchers said[1].
“It does not even rule out the possibility that now the CIA is able
to track down the real-time global flight status, passenger
information, trade freight, and other related information.”
The claims made by the company are based on the evidential
connection between the tools, tactics, and procedures used by a hacking
group, dubbed ‘APT-C-39’, against Chinese industries, and the
‘Vault 7’ hacking tools developed by the CIA.
As you may remember, the massive collection of Vault 7
hacking tools was leaked to the public in 2017 by the
whistleblower website Wikileaks, which received it from Joshua Adam
Schulte[2], a former CIA employee
who is currently facing charges for leaking classified
information.
According to Qihoo 360, the hacking tools developed by the CIA,
such as Fluxwire and Grasshopper[3], were used by the
APT-C-39 group against Chinese targets years before the Vault 7
leak.
“By comparing relevant sample codes, behavioral fingerprints,
and other information, the Qihoo 360 can be pretty sure that the
cyber weapon used by the group is the cyber weapon described in the
Vault 7 leaks,” the researchers said.
“Qihoo 360 analysis found that the technical details of most of
the samples are consistent with the ones in the Vault 7 document,
such as control commands, compile PDB paths, encryption
schemes.”
Besides this, the researchers also noticed that the compilation
time of the captured samples is consistent with the U.S.
timezone.
“Through the study of the compilation time of malware, we can find
out the developer’s work schedule, so as to know the approximate
time zone of his location,” the researchers said.
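The compile-time analysis described above, sketched as an added example (not Qihoo 360's code): it reads the linker timestamp from each PE header and reports the UTC offsets under which the most builds fall within weekday office hours. Using the PE `TimeDateStamp` field, the 09:00-18:00 window, the function names and the sample timestamps are all assumptions constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

def pe_compile_time(data: bytes) -> datetime:
    """Read the COFF TimeDateStamp of a PE image as an aware UTC datetime."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header after the signature: Machine(2), NumberOfSections(2), TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def likely_utc_offsets(times, start=9, end=18):
    """Return (offsets, hits): the whole-hour UTC offsets under which the most
    builds fall on a weekday between start and end o'clock local time."""
    scores = {}
    for off in range(-12, 15):
        local = [t + timedelta(hours=off) for t in times]
        scores[off] = sum(l.weekday() < 5 and start <= l.hour < end for l in local)
    best = max(scores.values())
    # Ties are returned together: a narrow spread of build hours fits several zones.
    return [o for o, s in scores.items() if s == best], best

def fake_pe(when: datetime) -> bytes:
    """Constructed test input: the smallest header pe_compile_time() accepts."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHI", 0x14C, 0, int(when.timestamp()))
    return dos + b"PE\0\0" + coff

# Constructed build times (UTC), not taken from any real sample.
SAMPLES = [fake_pe(datetime(2010, 3, d, h, tzinfo=timezone.utc))
           for d, h in [(9, 14), (9, 16), (10, 18), (10, 20), (11, 22)]]

if __name__ == "__main__":
    times = [pe_compile_time(s) for s in SAMPLES]
    offsets, hits = likely_utc_offsets(times)
    print(f"{hits}/{len(times)} builds fit office hours at UTC offsets {offsets}")
```

The `TimeDateStamp` field is written by the linker and can be altered or zeroed after the fact, so the result is one weak signal to weigh alongside other evidence.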
Additionally, the company claimed that the hacking group
also used some tools, such as the WISTFULTOOL attacking plugin,
developed by the National Security Agency (NSA), in its hacking
campaigns, including one against a large Chinese Internet company in
2011.
By the way, this is not the first time that several hacking
campaigns have been linked to the CIA based on the Vault 7 leaks.
While Qihoo 360 is exclusively tracking Chinese targets,
researchers at Kaspersky and Symantec are tracking CIA hacking
operations against other countries as Lamberts[4] and
Longhorn[5].
References
- [1] researchers said (blogs.360.cn)
- [2] Joshua Adam Schulte (thehackernews.com)
- [3] Grasshopper (thehackernews.com)
- [4] Lamberts (securelist.com)
- [5] Longhorn (thehackernews.com)