A federal prosecutor alleged one defendant boasted that his father “had engaged in similar business for the Chinese Communist Party.”
Analysis Summary
# Threat Actor: Unnamed Network/Individuals (Linked to CCP Activities)
## Attribution & Identity
The primary focus is on four indicted defendants: Hon Ning Ho (alleged ringleader), Brian Curtis Raymond, Cham Li, and Jing Chen, involved in a US-based smuggling conspiracy. Cham Li specifically boasted via text messages about his father having "engaged in similar business on behalf of the Chinese Communist Party," suggesting a long-running, potentially state-affiliated support network operating outside the immediate group.
## Activity Summary
The described activity is a conspiracy focused on illegally acquiring and exporting advanced US-origin technology, specifically high-end Nvidia GPUs (A100 and H200) and supercomputers containing H100 chips, to Chinese companies. The scheme involved purchasing hardware via a sham real estate company in Florida and shipping it to China via intermediate locations (Thailand and Malaysia) using falsified customs paperwork. The operation allegedly resulted in the illegal export of approximately 400 Nvidia A100 GPUs and attempts to smuggle H200 chips and multiple supercomputers.
## Tactics, Techniques & Procedures
- **Procurement Fraud/Smuggling:** Utilizing a front company (sham real estate entity) to purchase restricted hardware.
- **Supply Chain Manipulation:** Exploiting international logistics routes (via Thailand and Malaysia) to circumvent US export controls.
- **Deception:** Using "doctored customs paperwork" to mask the true destination and nature of the shipment.
- **Insider Knowledge/Beneficiary Awareness:** At least one defendant (Li) was allegedly aware of the export controls from news articles but proceeded anyway, relying on family connections and methods.
- *MITRE ATT&CK IDs are not explicitly mentioned in the text.*
## Targeting
- **Sectors:** Technology/Semiconductor procurement, likely serving military/government end-users in the target nation.
- **Geography (Origin/Movement):** US (Florida, Alabama, California) → Thailand and Malaysia → China.
- **Victims (Targeted Entities/Regulations):** US Export Control system and regulations governing the sale of advanced AI/HPC hardware to China.
- **End-Users (Beneficiaries):** Two undisclosed Chinese companies, allegedly paying nearly \$3.9 million. The prosecutor noted the end-use includes military, surveillance, disinformation, and cybersecurity applications.
## Tools & Infrastructure
- **Hardware/Goods:** Nvidia A100 GPUs (approx. 400 shipped), Nvidia H200 chips (approx. 50 attempted), and approximately 10 Hewlett Packard Enterprise supercomputers containing Nvidia H100 chips.
- **Infrastructure:** A sham real estate company in Florida used for procurement. International transit points in Thailand and Malaysia.
- **Communication:** Text messages used to relay details and boast about familial CCP connections.
## Implications
This case highlights the persistent, sophisticated, and potentially state-supported efforts by entities within China to bypass US export controls designed to slow the nation's advancement in high-performance computing and AI development (including autonomous weapons and surveillance). The direct mention of familial links to the **Chinese Communist Party (CCP)** suggests a fusion of illicit commercial activity with national strategic goals, indicating a threat actor ecosystem comfortable operating illegally due to perceived political protection or influence.
## Mitigations
- **Enhanced Supply Chain Vetting:** Increased scrutiny of high-value technology component purchases, especially when associated with vague shell entities (e.g., real estate companies buying high-tech components).
- **Third-Party Vetting:** Increased due diligence on logistics partners and transshipment points (like Thailand and Malaysia) identified as smuggling hot spots.
- **Supply Chain Monitoring:** Vigilance against the resale of restricted components on secondary markets, as detailed in Nvidia’s statement.
- **Employee Awareness:** Training, especially for personnel in hardware distribution, on current export control regulations, as evidence suggests awareness of controls did not deter action in this case.