Exclusive: How CIA uses cyber weapon ‘Beehive’ to monitor, attack global key targets

By Zhao Siwei
Published by Global Times, 19 April 2022

A cyber weapon jointly developed by the US’ Central Intelligence Agency (CIA) and defense giant Northrop Grumman has recently been exposed by Chinese cybersecurity experts. 

The cyber weapon shows that the specter of the US military-industrial complex has fully penetrated international networks and it continues to foster the US’ hegemony in cyberspace, experts said.  

According to a report sent to the Global Times on Tuesday by the National Computer Virus Emergency Response Center, the platform, named “Beehive,” is a powerful cyber weapon of the CIA characterized by advanced design and operations. The weapon clearly shows the CIA’s capabilities in the field of cyber warfare. 

An expert from the center explained that the “Beehive” platform’s features are typical of US military malware. The platform can support remote scanning, vulnerability exploitation, concealed implantation, secret theft, file extraction, intranet penetration, and system destruction. It has unified command and control capabilities and displays artificial intelligence behavior.

“It demonstrates that the CIA’s cyber weapons for hacking foreign countries have become systematic, scalable, traceless and artificially intelligent,” the expert said. 

“The platform is effectively concealed. The CIA attackers can use a client to send a ‘code word’ to the server to ‘wake up’ a potentially malicious code program and execute the instructions. In order to avoid intrusion detection, after sending the ‘code word,’ it will temporarily establish an encrypted communication channel according to the target environment, so as to evade technical monitoring,” he added. 

To further conceal its espionage operations, the CIA has deployed network infrastructure related to the “Beehive” platform around the world. Monitoring data analyses show the CIA set several springboard and VPN channels between main control and terminal hosts, which are widely distributed in Canada, France, Germany, Malaysia, Turkey and other countries. 

“Even though the victims found they have been attacked by the ‘Beehive’ platform, it is still very difficult for them to trace back its origins,” the expert said. 

According to the report, the CIA established a global espionage system based on the “Beehive” platform and has conducted indiscriminate cyber surveillance on high-value targets and celebrities around the world, with targets covering government agencies, political parties, nongovernmental organizations, important military units, dignitaries, experts, as well as education, scientific research, communications and medical institutions.  

The platform has been helping the CIA steal a large amount of secret information from victim countries and control their important information infrastructure. It also helps the intelligence agency to access personal data from all over the world, which are needed by the US to maintain its hegemonic position.

This is the fifth cyber weapon used by the US government that has been exposed by Chinese experts in recent months. In March, Chinese cybersecurity experts for the first time disclosed a typical weapon used by the US National Security Agency (NSA) to target China. The weapon could monitor and hijack users’ social media accounts, emails and communication information.

The data stolen by the NSA around the world includes network profiles, account numbers and passwords, office and private documents, databases, online friends’ information, communications information, emails, and real-time data from cameras and microphones.

Also earlier in March, China captured a spy tool deployed by the NSA, which is capable of lurking in a victim’s computer to access sensitive information and was found to have controlled global internet equipment and to have stolen large amounts of user information.

The Trojan horse, “NOPEN,” is a remote-control tool for Unix/Linux computer systems, which is mainly used for stealing files, accessing systems, redirecting network communication, and viewing a target device’s information.

The Global Times previously reported that the NSA has been launching cyberattacks against 47 countries and regions for a decade, with Chinese government departments, high-tech companies and military-related institutes among the key targets. Cybersecurity experts warned that under the surveillance of the NSA, the privacy and sensitive information of hundreds of millions of people around the world are exposed, “like running around naked.” 

Chinese cybersecurity experts warned that this should serve as a reminder to the world that as long as the core hardware, operating system, key information infrastructure and application software of the world wide web are provided by US Internet companies, it is most likely that they contain all kinds of backdoor programs implanted by US hackers. 

Once they become US targets, all online activities and data stored in online servers may become victims of US intelligence cyberattacks.
