Full Report
A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS). The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, which is known to share links with the
Analysis Summary
# Threat Actor: BIETA / CIII (Fronts for China's MSS)
## Attribution & Identity
The threat actor ecosystem centers on the **Beijing Institute of Electronics Technology and Application (BIETA)** and its subsidiary, **Beijing Sanxin Times Technology Co., Ltd. (CIII)**. These entities are assessed to be working for, or operating as front organizations for, China's **Ministry of State Security (MSS)**. Specific individuals potentially linked to MSS officers include Wu Shizhong, He Dequan, You Xingang, and Zhou Linna.
## Activity Summary
BIETA and CIII research, develop, import, and sell technologies that support MSS intelligence, counterintelligence, military, and national development missions. Their activities focus on developing offensive and intelligence-gathering capabilities, including research into steganography for covert communications and malware deployment, and creating tools for forensic investigation and network penetration testing.
## Tactics, Techniques & Procedures
- Researching and developing methods of **steganography** likely for covert communications (COVCOM) and malware deployment.
- Developing and selling **forensic investigation and counterintelligence equipment**.
- Acquiring foreign technologies related to steganography, network penetration testing, and military communications.
- Conducting **network penetration testing** against websites, mobile apps, enterprise systems, servers, databases, cloud platforms, and IoT devices.
- Developing tools for **mobile phone tracking/monitoring**, including harvesting text messages and calls from controlled devices.
- Utilizing commercial cloud services (e.g., Baidu Cloud, OneDrive) for file uploads.
## Targeting
- Sectors: Intelligence, counterintelligence, military, and national development sectors relevant to China's security apparatus.
- Geography: Not explicitly stated, but operations facilitate the MSS's broader intelligence mandates.
- Victims: Specific victims were not mentioned, but their technology development efforts target enterprise systems, mobile device users, and network infrastructure broadly.
## Tools & Infrastructure
- **Malware Families Used:** No specific publicly known malware names were provided. Software applications related to covert communication and network testing were developed, including:
  - Datacrypt Hummingbird online storage upload software.
  - Intelligent Discussion Android App (developed circa November 2021).
- **Infrastructure:** The article mentions CIII developed tools for uploading to **Baidu Cloud** and **OneDrive**.
- **Other Tools:** Mobile phone positioning/monitoring system capable of harvesting communications.
## Implications
BIETA/CIII represent an integral part of the MSS's technological enablement pipeline. They function as research and development fronts that create sophisticated tools (especially in steganography and network exploitation), which are then likely distributed down to MSS subordinate departments, bureaus, and potentially their contractors or proxies for real-world intelligence operations. This highlights how commercial- and research-facing entities are leveraged to advance state cyber missions.
## Mitigations
- Increased scrutiny of Chinese technology research and development firms, particularly those specializing in communication security, multimedia processing, and network security technologies for potential linkage to state intelligence agencies.
- Defense against advanced covert communication techniques, including monitoring for anomalous data exfiltration channels that might leverage steganography.
- Enhanced mobile device security and monitoring, given the development of tools specifically designed to monitor, position, and harvest data from mobile phones in large venues.