Chinese security vendor Qihoo 360 says that the US Central Intelligence Agency (CIA) has hacked Chinese organizations for the last 11 years, targeting various industry sectors and government agencies.

Qihoo 360 claims in the report, which lacks any technical details, that "the CIA hacking group (APT-C-39)" targeted a multitude of Chinese companies between September 2008 and June 2019, with a focus on "aviation organizations, scientific research institutions, petroleum industry, Internet companies, and government agencies."

"We speculate that in the past eleven years of infiltration attacks, CIA may have already grasped the most classified business information of China, even of many other countries in the world," Qihoo 360's report says.

"It does not even rule out the possibility that now CIA is able to track down the real-time global flight status, passenger information, trade freight and other related information.

"If the guess is true, what unexpected things will CIA do if it has such confidential and important information? Get important figures' travel itinerary, and then pose political threats, or military suppression?"

APT-C-39 used CIA and NSA attack tools

The Chinese security firm also says that its researchers connected the APT-C-39 hacking campaigns to the CIA based on malware used during the attacks spanning over 11 years, including the Fluxwire backdoor and the Grasshopper malware builder.

Documentation info on these tools was leaked by WikiLeaks in March 2017, with the leak site saying at the time it also had "the majority of its [CIA's] hacking arsenal including malware, viruses, trojans, weaponized 'zero day' exploits, malware remote control systems and associated documentation."

Qihoo 360 found that "the technical details of most samples of the APT-C-39 are consistent with the ones described in the Vault 7 documents" and that "before the Vault 7 cyber weapon was disclosed by WikiLeaks, the APT-C-39 already used relevant cyber weapons against targets in China."

Additionally, the Chinese security outfit claims that the APT-C-39 hacking campaigns also used tools connected with the US National Security Agency (NSA). The Chinese researchers were able to detect the WISTFULTOOL data exfiltration plugin used "in an attack against a large Internet company in China in 2011."

According to Qihoo 360, the compilation times of the APT-C-39 group's weapons also locate the hacking group within the U.S. time zone, given that "the compilation time of the captured samples is in line with the North American business working hours."

CIA hackers also tracked by other security firms

Qihoo 360 is not the only security vendor tracking CIA hacking campaigns, with Kaspersky and Symantec also having previously labeled them as Lamberts and Longhorn, respectively.

While Kaspersky researchers have been monitoring CIA hacking activities since 2008 (matching Qihoo 360's claims), Symantec's monitoring data goes back to at least 2011 and highlights 40 compromised targets from roughly 16 countries, across various industry sectors in the Middle East, Europe, Asia, and Africa.

The CIA hackers were also named as the ones behind attacks on domestic Chinese aviation companies from late-2018 by the Chinese cybersecurity group Qi-Anxin in a report from September 2019, as reported by ZDNet.

Qi-Anxin's researchers, just like their Qihoo 360 counterparts, made the connection to the CIA hacking groups after spotting the Fluxwire backdoor being used during the attack.

Qihoo 360's report was published after two Chinese nationals were charged yesterday by the US Dept of Justice and sanctioned by the US Treasury for allegedly laundering over $100 million worth of cryptocurrency for North Korean actors known as Lazarus Group.