Repeating a claim similar to one made in 2020, China is accusing the Central Intelligence Agency (CIA) of deploying cyber weapons to promote “color revolutions” that aim for government regime change.
This type of accusation is nothing new for China, let alone other nations with which the US has perpetual tension, such as Russia and Iran. But in this case the National Computer Virus Emergency Response Centre (CVERC), in partnership with Chinese security firm 360, is making some specific claims about CIA capabilities deployed in foreign countries as well as the agency’s use of botnets and malware in its pursuits.
China may be looking to take heat off its own APT groups
According to record-keeping and activity tracking by a number of security firms, China has the largest number of advanced persistent threat (APT) groups actively hacking both government and civilian targets in other nations. These firms very rarely chronicle the exploits of the state-backed hackers fielded by the US and its allies, however, and China may be looking to even the public relations playing field.
The country previously tried this tack in 2020, when the Chinese Foreign Ministry used research conducted by security firm Qihoo to claim the CIA had been active in the country for over a decade and regularly deployed cyber weapons against civilian targets. While the West generally does not deny hacking for espionage, it attempts to hold moral high ground by pointing out that countries like China and Russia cross additional lines by stealing intellectual property from private companies and infiltrating utilities.
China’s current claims appear to be a mix of information about cyber weapons taken from prior leaks involving the CIA, particularly the notorious Vault 7 leaks that WikiLeaks was involved with, and new claims about how the agency supports foreign revolutions.
China lists malware, botnets and trojans as CIA cyber weapons
The CVERC paints a picture of a globe-spanning network utilized regularly by the CIA, supported by botnets and local servers used to disrupt targets and deploy malware. But the new information seems to focus less on offensive cyber weapons than on the support services that the agency provides for protesters and anti-government movements, such as what appears to be a peer-to-peer network that allows these parties to communicate directly even when the internet is cut off or censored.
The report also claims that the CIA monitors the internet in foreign countries during political rallies and similar events, and provides Tor and other encrypted communication services to the sides that it supports in assorted countries in the Middle East. The report claims that the CIA has been involved in the attempted overthrow of at least 50 governments, though this appears to be a reference to the entirety of the past 75 years rather than some sort of recent campaign.
The Vault 7 leaks verified that the CIA has a broad assortment of cyber weapons that provide offensive hacking capability, though those documents only covered tools that were developed up to 2016. At the time of the 2020 accusations, Qihoo said that it had linked malware it had found to the items documented in the Vault 7 files.