Kathianne
06-06-2017, 12:07 PM
http://freebeacon.com/national-security/security-analysts-confirm-links-beijing-spy-agency-security-firm/
Security Analysts Confirm Links Between Beijing Spy Agency and Security FirmBoyusec carries out intel collection, cyber reconnaissance for MSS By Bill Gertz June 6, 2017 5:00 am
A Chinese cyber security firm carried out a global campaign of cyber espionage and reconnaissance for the Ministry of State Security, Beijing's main civilian spy service, according to security researchers.
The company known as Boyusec, located in Guangzhou near Hong Kong, was traced to large-scale MSS cyber operations to steal corporate and government secrets, and to conduct cyber reconnaissance—preparing foreign networks for cyber attacks in a future conflict.
The company was first exposed as an MSS front by the Washington Free Beacon in November (http://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/).
Following that report, an anonymous security group or researcher, identified only as "intrusiontruth," reported (https://intrusiontruth.wordpress.com/2017/05/09/apt3-is-boyusec-a-chinese-intelligence-contractor/) May 9 that Boyusec is an MSS contractor and two of its officials, Wu Yingzhuo and Dong Hao were linked to Chinese intelligence cyber operations.
Then on May 17, the security firm Recorded Future confirmed (https://www.recordedfuture.com/chinese-mss-behind-apt3/) that Boyusec is linked to MSS components.
"We believe that they were doing intelligence collection and reconnaissance work since at least 2010," Samantha Dionne, a threat analyst with Recorded Future said in an interview.
"They've targeted a really broad range of companies and government departments," she added, including those in defense industries, telecommunications, advanced technology, and government departments in the United States, Canada, Europe, and Hong Kong.
"They've been conducting a number of operations every year," Dionne said.
Investigations into the MSS cyber operations by both intrusiontruth and Recorded Future were launched after the Free Beacon revealed that the Pentagon had linked Boyusec to the MSS.
An NSA document disclosed by NBC in 2015 revealed that the MSS is one of three main hacking intelligence organizations. The agency identified six known MSS cyber units and 22 suspected MSS hacker groups, along with 28 known or suspected cyber units linked to the People's Liberation Army (PLA) Technical Department known as 3PLA. Together the two agencies were linked to 700 cyber attacks in the United States as of 2015, according to NSA.
According to the Pentagon's annual report on the Chinese military, the MSS is "the main civilian secret intelligence/counterintelligence service."
The spy service is mainly a human intelligence gathering service but in recent years has been very active in conducting cyber attacks to support the Communist government.
"The missions of the MSS are: to protect China’s national security; secure political and social stability; implement the ‘National Security Law' and related laws and regulations; protect state secrets; counterintelligence; and investigate organizations or people inside China who personally carry out or direct, support, or aid other people in harming China’s national security," the report said.
Intrusiontruth discovered that Wu and Dong were both shareholders in Boyusec through conducting domain name history searches. The group discovered that the shareholders had been hard coded into some of the malware used in the cyber attacks.
...
Security Analysts Confirm Links Between Beijing Spy Agency and Security FirmBoyusec carries out intel collection, cyber reconnaissance for MSS By Bill Gertz June 6, 2017 5:00 am
A Chinese cyber security firm carried out a global campaign of cyber espionage and reconnaissance for the Ministry of State Security, Beijing's main civilian spy service, according to security researchers.
The company known as Boyusec, located in Guangzhou near Hong Kong, was traced to large-scale MSS cyber operations to steal corporate and government secrets, and to conduct cyber reconnaissance—preparing foreign networks for cyber attacks in a future conflict.
The company was first exposed as an MSS front by the Washington Free Beacon in November (http://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/).
Following that report, an anonymous security group or researcher, identified only as "intrusiontruth," reported (https://intrusiontruth.wordpress.com/2017/05/09/apt3-is-boyusec-a-chinese-intelligence-contractor/) May 9 that Boyusec is an MSS contractor and two of its officials, Wu Yingzhuo and Dong Hao were linked to Chinese intelligence cyber operations.
Then on May 17, the security firm Recorded Future confirmed (https://www.recordedfuture.com/chinese-mss-behind-apt3/) that Boyusec is linked to MSS components.
"We believe that they were doing intelligence collection and reconnaissance work since at least 2010," Samantha Dionne, a threat analyst with Recorded Future said in an interview.
"They've targeted a really broad range of companies and government departments," she added, including those in defense industries, telecommunications, advanced technology, and government departments in the United States, Canada, Europe, and Hong Kong.
"They've been conducting a number of operations every year," Dionne said.
Investigations into the MSS cyber operations by both intrusiontruth and Recorded Future were launched after the Free Beacon revealed that the Pentagon had linked Boyusec to the MSS.
An NSA document disclosed by NBC in 2015 revealed that the MSS is one of three main hacking intelligence organizations. The agency identified six known MSS cyber units and 22 suspected MSS hacker groups, along with 28 known or suspected cyber units linked to the People's Liberation Army (PLA) Technical Department known as 3PLA. Together the two agencies were linked to 700 cyber attacks in the United States as of 2015, according to NSA.
According to the Pentagon's annual report on the Chinese military, the MSS is "the main civilian secret intelligence/counterintelligence service."
The spy service is mainly a human intelligence gathering service but in recent years has been very active in conducting cyber attacks to support the Communist government.
"The missions of the MSS are: to protect China’s national security; secure political and social stability; implement the ‘National Security Law' and related laws and regulations; protect state secrets; counterintelligence; and investigate organizations or people inside China who personally carry out or direct, support, or aid other people in harming China’s national security," the report said.
Intrusiontruth discovered that Wu and Dong were both shareholders in Boyusec through conducting domain name history searches. The group discovered that the shareholders had been hard coded into some of the malware used in the cyber attacks.
...