
Chinese Security Firm Accuses CIA of 11-year Hacking Scheme


A China-based Internet security provider has charged U.S. intelligence operatives with conducting an 11-year cyber espionage campaign targeting Chinese critical infrastructure.

Qihoo 360 accused the U.S. Central Intelligence Agency (CIA) of aiming cyber attacks at key sectors such as China’s aviation and energy industries as well as government agencies, scientific research organizations and internet service providers, Reuters reported. The Chinese anti-virus specialist went so far as to accuse the CIA of monitoring the travel movements of individuals through hacking airline companies.

In a blog post, the Beijing-based company said its accusations came from comparing malicious software code it had uncovered against CIA hacking tools previously distributed on the internet, referencing a series of WikiLeaks data dumps of the agency’s cyber spying tools in 2017. Qihoo 360 said it has code-named the CIA organization APT-C-39. The hacks, which ran from September 2008 to June 2019, were concentrated in Beijing, Guangdong, and Zhejiang and aimed primarily at system developers involved in civil aviation technology such as flight control systems, freight information services, settlement and distribution services and passenger information systems, Qihoo said.

The company specifically named Joshua Adam Schulte, a former CIA coder, as having slipped the CIA’s espionage warfare to WikiLeaks. “The research also shows that a former CIA employee Joshua Adam Schulte was responsible for the research, development and production of cyber weapons. During the group’s attacks against Chinese targets, he was employed at the CIA’s National Clandestine Service (NCS) as a Directorate of Science and Technology (DS&T) Intelligence Officer who was directly involved in the development of the cyber weapon – Vault 7. This clue further attributes this APT group’s attack to the CIA,” the blog reads.

To make its claims, Qihoo said that it analyzed dozens of the CIA’s documents from the WikiLeaks exposure that detailed the agency’s “attack methods, targets, tools and technical specifications and requirements.” In that disclosure was the Vault 7 hacking project, which it believes is the “core cyber weapon” of the CIA’s alleged hacks.

After more than a decade of “infiltration attacks,” Qihoo figures that the CIA has a good handle on the “most classified business information of China, even of many other countries in the world” and it doesn’t discount the possibility that the spy agency is capable of tracking global flight status, passenger information, trade freight and other related information in real time.

Qihoo concedes that it can only guess what “unexpected things” the CIA would do with such “confidential and important information.” For years, the U.S. has detailed alleged cyber infiltration by Chinese hackers against U.S. companies and institutions, which Beijing has denied. To some degree, Qihoo’s charges against the CIA may serve as a counter-offensive of sorts.

Neither the CIA, the Chinese Embassy in Washington nor Qihoo’s chief security officer responded to Reuters’ requests for comment, the media outlet said.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.