The targeted industry sectors include aviation organizations, scientific research institutions, petroleum, and Internet companies—which, if true, gives the CIA the ability to do "unexpected things."
According to the researchers, these cyberattacks were carried out between September 2008 and June 2019, and most of the targets were located in Beijing, Guangdong, and Zhejiang.
"We speculate that in the past eleven years of infiltration attacks, the CIA may have already grasped the most classified business information of China, even of many other countries in the world," the researchers said.
"It does not even rule out the possibility that now the CIA is able to track down the real-time global flight status, passenger information, trade freight, and other related information."
The claims made by the company are based on the evidential connection between tools, tactics, and procedures used by a hacking group, dubbed 'APT-C-39' against Chinese industries, and the 'Vault 7' hacking tools developed by the CIA.
As you may remember, the massive collection of Vault 7 hacking tools (1, 2, 3, 4, 5, 6, 7) was leaked to the public in 2017 by the whistleblower website Wikileaks, which it received from Joshua Adam Schulte, a former CIA employee who is currently facing charges for leaking classified information.
According to Qihoo 360, the hacking tools developed by the CIA, such as Fluxwire and Grasshopper, were used by the APT-C-39 group against Chinese targets years before the Vault 7 leak.
"By comparing relevant sample codes, behavioral fingerprints, and other information, the Qihoo 360 can be pretty sure that the cyber weapon used by the group is the cyber weapon described in the Vault 7 leaks," the researchers.
"Qihoo 360 analysis found that the technical details of most of the samples are consistent with the ones in the Vault 7 document, such as control commands, compile PDB paths, encryption schemes."
Besides this, the researchers also noticed that the compilation time of the captured samples is consistent with the U.S. timezone.
🔐 Mastering API Security: Understanding Your True Attack Surface
Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!Join the Session
"Through the study of the compilation time of malware, we can find out the developer's work schedule, so as to know the approximate time zone of his location," the researchers.
Additionally, the company also claimed that the hacking group also used some tools, such as WISTFULTOOL attacking plugin, developed by the National Security Agency (NSA) in its hacking campaigns, including against a large Chinese Internet company in 2011.
By the way, it's not the first time when several hacking campaigns have been linked to the CIA based on the Vault 7 leaks. Where Qihoo 360 is exclusively tracking Chinese targets, researchers at Kaspersky and Symantec are tracking CIA hacking operations as Lamberts and Longhorn, against other countries.