Full Report
Discover how China's Ministry of State Security (MSS) almost certainly operates BIETA and its subsidiary CIII as public fronts for cyber-espionage, covert communications, and technology acquisition. Critical insight for policy, academia, and cybersecurity stakeholders.
Analysis Summary
# Threat Actor: Beijing Institute of Electronics Technology and Application (BIETA) and Beijing Sanxin Times Technology Co., Ltd. (CIII)
## Attribution & Identity
**Actor Identification:** Beijing Institute of Electronics Technology and Application (BIETA), a communications technology and information security research organization.
**Attribution:** Almost certainly affiliated with China's principal civilian intelligence service, the **Ministry of State Security (MSS)**. Very likely led by the MSS and possibly a front for the MSS First Research Institute.
**Associated Groups/Subsidiaries:** Beijing Sanxin Times Technology Co., Ltd. (CIII), a wholly owned subsidiary of BIETA.
**Organizational History:** Established no later than 1990, potentially existing since 1983 (the year the MSS was created). Plausibly organized under the MSS's former 13th Bureau or the former 9th Bureau (now the 14th Bureau).
## Activity Summary
BIETA and CIII research, develop, import, and sell technologies that almost certainly support intelligence, counterintelligence, military, and national development missions for China. Their activities center around developing technologies that enable MSS intelligence officers and proxies, rather than engaging directly in illicit cyber activities themselves. They contribute to the modernization of the MSS via technology enablement.
## Tactics, Techniques & Procedures
The focus is on **technology research and development** that supports intelligence operations, rather than specific offensive cyber TTPs used directly by BIETA:
* Researching methods of **steganography** likely supporting covert communications (COVCOM) and malware deployment.
* Developing and selling **forensic investigation and counterintelligence equipment**.
* Acquiring foreign technologies for steganography, network penetration testing, and military communications/planning.
* Developing products that enable MSS and public security **counterintelligence investigations**.
* **Collaboration/Acquisition:** Likely benefits from collaboration with international academics and acquisition of foreign steganography technology via CIII to support China’s military modernization (e.g., foreign software for simulating communication networks and battlefield environments).
## Targeting
**Sectors:** Foreign export control authorities, academic institutions, and businesses with expertise in sensitive technologies (steganography, network penetration, modeling).
**Geography:** Global, as they interact with and acquire technology from foreign sources.
**Victims:** None explicitly mentioned as victims of cyber operations; the risk is to foreign governments and private businesses who might inadvertently enable the MSS/PLA through engagement or technology transfer.
## Tools & Infrastructure
* **Malware Families:** None explicitly named, but development supports covert communications (COVCOM) and malware deployment capabilities.
* **Infrastructure:** Located adjacent to the MSS headquarters compound at No. 15 Xinjian Gongmen Road, Haidian District, Beijing.
## Implications
BIETA and CIII represent a significant, previously underexplored, technology enablement front for the MSS. Engagement with these entities poses a **technology transfer risk**, potentially contributing directly to the capabilities of the MSS and the People’s Liberation Army (PLA) in areas like intelligence gathering, COVCOM, and cyber operations support. They help institutionalize the MSS's development and distribution of cyber-related tools to operational actors.
## Mitigations
* Foreign export control authorities should review BIETA and CIII and potentially restrict transactions involving sensitive technology exports to them.
* Government and military officials should be warned about these organizations' links to the MSS/PLA.
* Academic institutions and businesses involved in COVCOM, network penetration, advanced modeling, and forensic technologies should educate staff about risks associated with engagement with BIETA or CIII affiliates.
* Thorough due diligence investigations are vital before entering into any transaction involving sensitive or potentially sensitive technologies with any related party.