China: The Chinese cybersecurity firm Qihoo released a report accusing the CIA (Central Intelligence Agency) of being behind multiple cyber-attacks targeting Chinese entities. Targets of the attacks were located in Beijing, Guangdong, and Zhejiang and spanned a range of industries, including the aviation industry, research institutions, the petroleum industry, Internet companies, and government agencies. Qihoo stated that it believes these attacks were carried out to gain a foothold in targeted systems, allowing the CIA to conduct long-term intelligence gathering. The attacks were linked back to the CIA through two types of malware, dubbed Fluxwire and Grasshopper. Both of these malware programs were released in 2017 after a backup copy of the CIA’s arsenal was handed over to WikiLeaks, in what is commonly known as the Vault 7 leak. Shortly after the leak, security companies including Symantec identified malware that they had been tracking for years as being included in the Vault 7 leak. Qihoo linked these attacks on Chinese entities to the CIA by matching attack details such as Command and Control (C2) servers and other Indicators of Compromise (IOCs).
By Akshay Rohatgi and Randy Pargman About this Student Research Project Binary Defense’s mission is