In what appears to be a retaliatory move, China accuses the CIA of waging an 11-year long cyber espionage campaign. Moreover, a report claims a secret CIA unit called APT-C-39 has been targeting industries and government sectors in China.
Qihoo 360, a Chinese cyber security firm, this week published a report accusing the US’s Central Intelligence Agency (CIA) of cyber espionage. Furthermore, the report states that the 11-year long cyber espionage campaign was discovered by analyzing documents released on WikiLeaks.
In 2017, a former CIA agent, Joshua Adam Schulte, purportedly released a cache of documents dubbed “Vault 7” to WikiLeaks. The Vault 7 documents revealed details of the CIA’s cyber-weapons and hacking techniques.
Researchers discovered the cyber espionage campaign by comparing tools used in past cyberattacks on China against CIA hacking tools and techniques mentioned in the Vault 7 documents.
Targets of the Alleged CIA Cyber Espionage Campaign
The report claims that the CIA’s espionage campaign targeted China’s most important industries. “Qihoo 360 discovered and revealed cyber-attacks by the CIA hacking group (APT-C-39) which lasts for eleven years against China,” researchers wrote in the report. “Several industry sectors have been targeted including aviation organizations, scientific research institutions, petroleum industry, Internet companies, and government agencies.”
The report also states the hacking of the aviation industry might have been aimed at tracking “important figures’ travel itinerary.”
Over the years, many allegations of hacking have been levelled against China. For example, the Chinese have been accused of conducting state backed hacking campaigns and of selling devices to the West that spy on its users. Furthermore, in the last month the US has indicted 4 Chinese military officers for cybercrimes and cyber espionage. There has also been the ongoing standoff with China over their 5G and AI products, with Huawei products being front and center.
Consequently, Chinese firms have turned around and have begun levelling similar allegations against the US and other nations. Qihoo 360 is now the second Chinese firm to make allegations against the West. They state that: “The CIA Vault 7 weapons show from the side that the United States has built the world’s largest cyber weapons arsenal. It has not only brought serious threat to the global network security, but also demonstrate the APT [APT-C-39] organization’s high technical capabilities and professional standards.”
The first to publish allegations against the West was the Chinese security firm Qi An Xin. In September 2019, it published a similar report to Qihoo’s, linking the CIA to attacks targeting Chinese aviation agencies.
Timing of Retaliation
The timing of Qihoo’s report could be seen as being in retaliation of the indictment of the four Chinese military officers. The officers were indicted over the breach of the US’s credit reporting agency, Equifax.
For Beijing, the public accusations of espionage and intellectual property theft leveled against China, is likely seen as biased. Thus, these recent reports could be the start of a Chinese attempt to balance the scales.