Chinese cyber security company Qihoo 360 published claims on 4 March 2020 that the US Central Intelligence Agency (CIA) conducted an eleven-year cyber espionage and hacking campaign against Chinese companies and organisations in the aviation, energy, and technology sectors.
Qihoo 360’s claim that the CIA – which it calls APT-C-39 – is behind this espionage and hacking campaign is based on information that was already publicly available because CIA hacking and other exploitation tools were leaked to WikiLeaks, allegedly by former CIA employee Joshua Adam Schulte, who is on trial in the United States for the leak. These leaked exploits and tools are collectively known as Vault 7.
“It is worth noting that the attacked information technology sectors of civil aviation by the CIA are not only in China, but also involves hundreds of commercial airlines [in other] nation states,” the Qihoo 360 report says, implying that the alleged CIA operation targeted more than just the Chinese civil aviation sector.
Qihoo 360 speculates that the CIA targeted China’s aviation sector because it is interested in tracking the travel patterns of key individuals.
According to Qihoo 360, its allegation that the CIA is behind these espionage operations is based on its analysis of malicious software (malware) found in Chinese networks that matches the malware used in the leaked Vault 7 exploits.
Writing in Forbes, cyber security commentator Zak Doffman argues that the Qihoo 360 allegations are light on definitive attribution evidence and that the timing of the report’s publication raises suspicions that wider Chinese geoeconomic and geopolitical interests are at play. For starters, the Qihoo 360 claim comes shortly after US prosecutors indicted four Chinese military personnel for their role in alleged cyber espionage operations against American companies. These indictments are part of a so-called ‘name and shame’ strategy pursued by the US in an attempt to deter further cyber-attacks.
On top of this, Doffman suggests that the ongoing trade dispute between the US and China, along with an increasing possibility of a geoeconomic and technological decoupling between the two countries, also plays a part in the Qihoo 360 allegation. By claiming that other, non-Chinese aviation companies were targeted in the alleged CIA cyber campaign, Beijing can point out that it is not just Chinese economic interests that have been targeted.