China: The Chinese cybersecurity firm Qihoo released a report accusing the CIA (Central Intelligence Agency) of being behind multiple cyber-attacks targeting Chinese entities. Targets of the attacks were located in Beijing, Guangdong, and Zhejiang and dealt with a range of industries including the aviation industry, research intuitions, petroleum industry, Internet companies, and government agencies. Qihoo stated that they believe these attacks were carried out to gain a foothold into targeted systems to allow the CIA long-term intelligence gathering. The attacks were linked back to the CIA through two types of malware, dubbed Fluxwire and Grasshopper. Both of these malware programs were released in 2017 after a backup copy of the CIA’s arsenal was handed over to Wiki Leaks, known commonly as the Vault 7 leak. Shortly after the leak, security companies including Symantec identified malware that they had been tracking for years as being included in the Vault 7 leak. Qihoo linked these attacks on Chinese entities to the CIA by matching attack details such as Command and Control (C2) servers and other Indicators of Compromise (IOCs).
Analyst Notes
Because the Vault 7 data was released to Wikileaks in 2017, other people have been able to research and abuse the tools. Because of this, it makes it harder to attribute attacks to a certain group such as the CIA, because of their attack arsenal becoming public. By using IOCs, it makes it more clear who may have been behind these attacks but cannot be attributed with 100% confidence due to false flag operations. Many people in China are calling for retaliation against the United States. Because of Chinese government control over the media, it is extremely biased in what it reports. Most likely, many Chinese citizens do not know about offensive hacking operations carried out by Chinese state-sponsored groups, which would make them irate when they hear the US was allegedly carrying out offensive attacks against them. It is no secret that most major countries in the world carry out offensive cyber-attacks, but after this report, the United States may see an increase in potential attacks from China as a way to retaliate.
More information can be found here: https://www.zdnet.com/article/chinese-security-firm-says-cia-hacked-chinese-targets-for-the-past-11-years/
