CIA was behind 11-year cyber campaign against China, claims Qihoo 360
China’s Qihoo-360 names former CIA intelligence officer it claims was behind China cyber attacks, linking him to Vault 7 trove of attack tools
The CIA was behind a campaign of cyber attacks in China, traced back to 2008.
Also categorised as APT-C-39, Chinese security firm Qihoo 360 claims that the CIA targeted aviation, scientific research, the oil industry, internet companies and government agencies in the 11-year campaign
Furthermore, Qihoo 360 has named former CIA employee, Joshua Adam Schulte as "responsible for the research, development and production of [the] cyber weapons".
The Qihoo 360 research continues: "During the group's attacks against Chinese targets, he was employed at the CIA's National Clandestine Service (NCS) as a Directorate of Science and Technology (DS&T) Intelligence Officer who [was] directly involved in the development of the cyber weapon - Vault 7."
The report adds: "Dating back to 2017, WikiLeaks received a ‘backup copy' of the hacking materials from Joshua and disclosed 8,716 documents from the CIA, including 156 confidential documents that record the CIA hacking group's attack methods, targets, tools, and technical specifications and requirements. The disclosure contains a hacking tool, Vault 7 (code name), which is considered to be the core cyber weapon.
"Qihoo 360 analysed the leaked material of Vault 7 and, associated with the team's researches, it discovered a series of targeted attacks against China's aviation industry, scientific research institutions, petroleum industry, large internet companies and government agencies.
"These 11-year attacks can be traced back to 2008 (spanning from September 2008 to June 2019), and are mainly distributed in provinces such as Beijing, Guangdong, and Zhejiang. The above-mentioned targeted attacks are all attributed to a US-related APT organization - APT-C-39."
It provides five major pieces of evidence that, it claims, prove that APT-C-39 is affiliated with the CIA.
The CIA Vault 7 weapons show... that the US has built the world's largest cyber weapons arsenal
First, the use of cyber weaponry leaked with the Vault 7 cache. "By comparing relevant sample codes, behavioral fingerprints, and other information, Qihoo 360 can be pretty sure that the cyber weapon used by the group is the cyber weapon described in the Vault 7 leaks."
Second, it claims, the technical details of most of the samples of the APT-C-39 are consistent with the ones described in the Vault 7 documents.
Third, the use of these tools long pre-dates the Vault 7 leaks. Fourth, a number of weapons attributed to APT-C-39 have long been associated with the US National Security Agency (NSA). "In the CIA confidential documents uncovered by WikiLeaks it was confirmed that the NSA assisted the CIA in developing cyber weapons, which is also a side-by-side evidence of the association between APT-C-39 and US intelligence agencies."
And, fifth, the compilation time of the "captured samples" are consistent with US business working hours.
The report concludes: "Qihoo 360 data has shown that the cyber-weapons used by the organisation and the cyber weapons described in the CIA Vault 7 project are almost identical.
Cyberspace has already become another important battleground in the war between great powers
"The CIA Vault 7 weapons show... that the US has built the world's largest cyber weapons arsenal. It has not only brought [a] serious threat to the global network security, but also demonstrates the APT organisation's high technical capabilities and professional standards.
"This form of war goes beyond hand-to-hand battle of soldiers. Cyberspace has already become another important battleground in the war between great powers. If playing the game with the CIA, the road ahead of us is long and full of difficulties and obstacles."
The Qihoo 360 research paper is not the first time that a Chinese security vendor has called-out US authorities, although it is the first time that a particular individual - in this case Joshua Adam Schulte - has been named.
The claims coincide with new legal action by the US Department of the Treasury's Office of Foreign Assets Control (OFAC) against two named Chinese nationals, who it claims helped North Korea-linked APT Lazarus launder money from attacks on Cryptocurrency exchanges.
Security specialists have suggested that the research note from Qihoo-360 is a prelude to China launch tit-for-tat legal action against the US over indictments of Chinese nationals over cyber security incidents.