Chinese MSS intelligence officers indicted for global hacking campaign
On July 19, an indictment of four officers of China’s Ministry of State Security (MSS) was unsealed, charging the individuals with hacking victims in the United States and at least 11 other countries. Court documents and the announcement from the Department of Justice (DoJ) describe the modus operandi of the MSS officers, including the cover mechanism they used to mask their MSS affiliation.
FSOs will want to review the indictment of Zhu Yunmin, Wu Shurong, Ding Xiaoyang and Cheng Qingmin for more details on how this group, known as “APT 40”, conducted its cyber espionage activities. FSOs whose footprint includes access to and control of ITAR- and EAR-controlled information should place special emphasis on briefing their trusted and approved foreign partners on the Chinese MO.
“These criminal charges underscore once again that China continues to use cyber attacks to steal what other countries are doing, in blatant disregard of its bilateral and multilateral commitments,” Deputy Attorney General Lisa O. Monaco said. “The scale and duration of China’s hacking campaigns, including these efforts targeting a dozen countries in sectors ranging from healthcare and biomedical research to aviation and defense, remind us that no country or industry is safe. Today’s international condemnation shows that the world wants fair rules, where countries invest in innovation, not theft.”
2011-2018 Chinese Global Hacking Campaign
To say that China ate its targets’ lunch would be an understatement, as more and more revelations surface about its repeated success in penetrating government, academia and industry for cyber espionage purposes. This is despite the 2015 agreement signed by Chinese President Xi Jinping, which committed China to refrain from cyber-enabled theft of intellectual property.
The court documents describe how the MSS created a front company, “Hainan Xiandun Technology Development Co., Ltd.,” which was ostensibly engaged in “big data security, security situational awareness, and security technology research … committed to exploring the development of cutting-edge science and technology.” In that one respect the company lived up to its billing: it developed cutting-edge techniques in pursuit of its cyber espionage goals.
The MSS tasked the team with developing malware and vulnerability assessment methodologies for use against foreign governments, businesses and universities.
Hainan Xiandun clearly understood the value of total compensation and rewarded its employees (hackers) for their efforts. The indictment says the teams received training, salary, paid vacation and performance awards from the MSS. The performance awards in particular indicate that they succeeded in carrying out their tasks.
What did CHINA steal?
The indictment describes successful targeting of Ebola research; dual-use technologies (including “submersibles, autonomous vehicles, specialized chemical formulas and genetic sequencing technologies”); government entities in the United States and elsewhere; airlines and companies supporting the global aviation industry; and the United States National Institutes of Health (NIH).
Given the current global pandemic involving COVID-19, whose point of origin is associated with Wuhan, China, the efforts of Hainan Xiandun’s team undoubtedly raised eyebrows when they were discovered. The indictment notes that Zhu Yunmin was an OSINT collector targeting the US CDC and the US State Department’s biosafety engagement program. The team’s successful cyber espionage attacks against U.S. research entities involved in virus research, including the NIH, are testament to China’s interest.
As this author noted in his own book, Secrets Stolen, Fortunes Lost (Syngress 2008), the theft of intellectual property is tantamount to sucking the lifeblood out of a company and infusing it into the thief. The Chinese government’s research and development centers were the direct beneficiaries of the stolen information. These entities could then direct and fund domestic industry or research without bearing the expense of the pioneering work done by the targeted research and development efforts abroad.
Not surprisingly, stealing a technology trade secret is often cheaper than developing it, and the investment China has made in doing so should serve as a warning to every FSO and to the C-suite executives they inform and support.