China cybersecurity firm alleges US National Security Agency is behind hacking group that has stolen a mass of critical data

This is the second time in a month that Qihoo 360 has accused the US of cyberattacks on China
Qihoo 360 says hacking group APT-C-40 is affiliated with the US government and has been secretly attacking China’s leading companies

US-China tech war

Jiaxing Li

Published: 11:00pm, 23 Mar 2022

Why you can trust SCMP

A Chinese cybersecurity company subject to US sanctions has alleged that a group of hackers backed by the US government has been attacking China for over a decade.

Qihoo 360, founded by Chinese entrepreneur Zhou Hongyi, said in a recent report that a hacking group known as APT-C-40 is affiliated with the US government and has been secretly attacking China’s leading companies, governments, research institutes and infrastructures over the past decade.

This is the second time in a month that Qihoo 360, which was delisted from the New York Stock Exchange five years after an initial public offering there in 2011, has accused the US of cyberattacks on China. An earlier March report said that the personal information of millions of Chinese internet users had already been stolen by the same US hacking group.

And back in March 2020, China’s biggest cybersecurity company alleged that US Central Intelligence Agency hackers had spent more than a decade breaking into the Chinese airline industry and other targets. The US government two months later put Qihoo 360, along with two dozen government institutions and Chinese companies, on a sanctions list for “supporting the procurement of items for military end-use in China”.

US adds oil and gas targets to its claims of cyberattacks by China

Qihoo 360’s accusations mark the latest exchange of hostilities between China and the US over cyberattacks. US cybersecurity firm Mandiant claimed in a report this month that hackers linked to China’s Ministry of State Security had attacked at least six state governments since last year.

Meanwhile, FBI chief Christopher Wray last month accused the Chinese government of “trying to steal” American ideas and innovation by launching massive hacking operations.

According to the latest Qihoo 360 report, the NSA has used quantum technology to launch cyberattacks against all internet users around the world who access US websites such as Facebook, Twitter, YouTube and Amazon. Chinese social media platforms such as QQ, a service of Tencent Holdings, are also among the US targets.

“The group has stolen massive amounts of critical data, and the potential risk it poses is immeasurable,” it added.

Qihoo 360 did not reply to a request for comment about the report from the Post. The US National Security Agency, which Qihoo 360 said was behind the APT-C-40 hacking group, did not immediately respond to a request for comment.

Providing the backdrop to cyber espionage accusations is a more tense relationship between the US and China, and rising trade and tech rivalry as China moves to increase control of its massive domestic data trove.

Who is the little-known Chinese firm accused by the US of cyberattacks?

Last year, Beijing rolled out a new cybersecurity regulation, which requires companies to keep data related to local customers and operations inside the country. This year Chinese Premier Li Keqiang said in his annual government work report that the country needs to “strengthen cybersecurity, data security and personal information protection”.

Companies in China’s cybersecurity industry have been lobbying the government to build more robust cyber defences. During the annual political session where delegates make suggestions to policymakers, Qihoo 360’s Zhou urged the government to increase cybersecurity spending to fend off potential malicious attacks from other countries.