The United States is capable of spying on any country anytime it wants and stealing key information as it has built an "empire of hacking" by owning the biggest cyberattack arsenal in the world and planting cyberattack weapons in almost all internet systems around the world, an investigation report said.
On Thursday, China's National Computer Virus Emergency Response Center and cybersecurity company 360 jointly released the first part of the report on the U.S. Central Intelligence Agency's cyberattacks against other countries, including China.
Based on a large number of case studies, the report revealed key features of the CIA's cyberattack weapons, and how it carried out espionage activities and stole information. The report also disclosed the details of specific cybersecurity cases that have taken place in China and other countries.
In 2020, cybersecurity company 360 discovered a new organization of hackers specializing in stealing information about China and some nations in Southeast Asia and Europe, the report said, adding that the attacks from the new organization started as early as 2011 and are still continuing.
The organization was found to have used cyberattack weapons mentioned in leaked CIA files dubbed "Vault7". Those files from the CIA's cyber intelligence center, made public by WikiLeaks in 2017, contain the attack patterns of the CIA's network operation teams, code names of operations and technical details of hacking tools.
Bian Liang, a cybersecurity expert at the 360 Advanced Threat Research Institute, said that being different from other cyberattacks, the CIA's targets are mainly critical information systems and infrastructure, aerospace and astronautical industries, scientific research institutions, the petroleum industry, internet companies and government agencies.
"Such moves can endanger national security. For example, the CIA can target key infrastructure and steal sensitive information. Also, the leaking of commercial secrets can lead to economic losses," Bian said.
During the investigations into several cyberattacks on the information systems of Chinese entities, 360 discovered a series of cyberattack weapons that follow the CIA's development specifications disclosed in Vault7 and these are exclusively meant for CIA use.
"Only a national-level hacker organization needs to develop such specifications, which serve as the basic framework for its attack platform. To avoid being detected and intercepted, the specifications will be further regulated and specialized," Bian said.
On Thursday, Foreign Ministry spokeswoman Mao Ning urged the U.S. to take the matter seriously, respond to the international community's concerns and stop using cyberattack weapons to carry out espionage activities and attacks around the world.
The large number of cases in China and other countries disclosed in the report are additional proof of the global cyberattacks launched by the CIA over the years, and the international community should stay on high alert against those moves, Mao said.
Currently, the CIA's cyberattack weapons have been planted in internet and internet of things assets around the world, the report said. Such operations clearly need to be supported by abundant funding, technologies and human resources, it said, adding that the details of more cases will be revealed in other parts of the report in the future.