2 Chinese Indicted for Conducting MSS-Directed Cyberespionage

The Department of Justice (DoJ) announced the indictment of two individuals who operated under the direction of the Chinese Ministry of State Security (MSS): Zhu Hua (朱华), aka Afwar, aka CVNX, aka Alayos, aka Godkiller; and Zhang Shilong (张士龙), aka Baobeilong, aka Zhang Jianguo, aka Atreexp. Both were associated with the Chinese cyberespionage group Advanced Persistent Threat 10 (the APT10 Group). They worked for a company in China called Huaying Haitai Science and Technology Development Company (Huaying Haitai) and acted in association with the Chinese Ministry of State Security’s Tianjin State Security Bureau.

According to the indictment, these two individuals had operated for 12 years, from 2006 to 2018, penetrating companies throughout the world for the purpose of collecting data, stealing intellectual property and conducting cybersurveillance.

Chinese offensive counterintelligence efforts followed the doctrine of “target your adversary,” and that they did: a prime target was the group of entities most interested in stopping the Chinese efforts, the managed service provider (MSP) cybersecurity community. According to the DoJ, the targeted MSPs “remotely manage the information technology infrastructure of businesses and governments around the world, more than 45 technology companies in at least a dozen U.S. states, and U.S. government agencies.” A lucrative cyberespionage target.

Where is China Focusing Its Cyberespionage Collection Efforts?

Seemingly everywhere. Sectors identified in the indictment include “aviation, satellite and maritime technology, industrial factory automation, automotive supplies, laboratory instruments, banking and finance, telecommunications and consumer electronics, computer processor technology, information technology services, packaging, consulting, medical equipment, healthcare, biotechnology, pharmaceutical manufacturing, mining, and oil and gas exploration and production.”

Is China Going to Slow Down Its Cyberespionage in 2019?

Not by a long shot.

We asked Jessica Abrahams, chair of the government contracts practice of law firm Drinker Biddle & Reath, which areas Western industries can expect China’s intelligence apparatus to focus on in 2019 as it deploys its national resources for espionage and intellectual property theft. “Artificial intelligence, quantum, semiconductor, and telecommunications sectors will top the list,” she said. “I also believe that Chinese actors will continue to target the U.S. defense community, which is why there is a renewed focus by the U.S. government on cybersecurity for weapons systems. I believe these sectors will be targeted because of their importance to Chinese technology strategies.”

You’re the CISO, What to Do?

First step: Determine if your entity has had any interaction with Huaying Haitai. If so, then hit the klaxon: The company’s relationship with APT10 means you’re a part of the aforementioned targeting and perhaps of successful MSS cyberespionage intelligence collection.

If you find yourself to have been a victim of intellectual property theft, economic espionage or cyberespionage, reach out to your nation’s national security apparatus. “When intellectual property is stolen by a nation-state and then provided to that country’s industries, a U.S. small/medium/large business has the following recourse: It can sue the nation state and the Chinese companies in the United States under the Defend Trade Secrets Act of 2016 and the Economic Espionage Act,” Abrahams said.

“The Defend Trade Secrets Act has extraterritorial application as long as one act in furtherance of the misappropriation occurred in the United States. That act also has a seizure remedy where extraordinary measures are required to stop the misappropriation (including trade secrets that are about to leave the country),” she continued. “Businesses in the U.S. should not hesitate to pursue these remedies if they believe their trade secrets have been stolen. This includes contacting the attorney general/DoJ for assistance.”

Given the apparent success enjoyed by the MSS in penetrating those very entities which companies turn to for their security solutions—the MSPs—it’s a bit of a conundrum. Another piece of advice from Abrahams is “a preemptive measure: All U.S. companies with trade secrets should have strict nondisclosure and confidentiality agreements with their employees, independent contractors, vendors, etc., that include injunctive relief and attorney’s fees as remedies.”

Bottom line: Every CISO should be focused on protecting their company’s crown jewels. It is infinitely easier to keep the toothpaste in the tube than try and put it back in once it is out.

USTR Section 301 Efforts

Chasing your intellectual property once it has flown the coop is always problematic, as evidenced by the number of Section 301 cases the U.S. Trade Representative (USTR) has pursued with China. Since 1974, the United States has filed more than 125 separate cases and has issued “retaliation orders” for 17 of them. The Congressional Research Service issued a report Dec. 3, “Enforcing U.S. Trade Laws: Section 301 and China,” which details the current tariff situation. The USTR has also made available a comprehensive list of its Section 301 investigations involving China, which will give CISOs and corporate counsel a realistic view of the level of effort involved in protecting technologies purloined by China.

Christopher Burgess

Christopher Burgess (@burgessct) is a writer, speaker and commentator on security issues. He is a former Senior Security Advisor to Cisco and served 30+ years within the CIA which awarded him the Distinguished Career Intelligence Medal upon his retirement. Christopher co-authored the book, “Secrets Stolen, Fortunes Lost, Preventing Intellectual Property Theft and Economic Espionage in the 21st Century”. He also founded the non-profit: Senior Online Safety.