Cybersecurity experts from Recorded Future think the cybercrime group we know as APT3 is on the Chinese Ministry of State Security’s payroll.
The company bases its conclusions on the work of ‘intrusiontruth’, a group claiming to have investigated some of the most important APT actors. While analysing APT3’s C&C infrastructure, intrusiontruth came across two names, Wu Yingzhuo and Dong Hao, who allegedly registered many of the domains that the threat actors had used.
Both names also appear as shareholders of a China-based security firm, Guangzhou Boyu Information Technology Company, or Boyusec.
According to the Washington Free Beacon, Boyusec worked with Huawei to create security solutions that come with spyware. Some anonymous officials said Boyusec was “closely connected” to the Chinese Ministry of State Security.
So, Intrusiontruth concludes that either there are two sets of individuals with the same names, or it’s just too big of a coincidence. Based on this research, Recorded Future continued to dig and finally said it can claim, “with a high degree of confidence”, that APT3 is directly linked to the MSS.
“The lifecycle of APT3 is emblematic of how the MSS conducts operations in both the human and cyber domains,” the report states.
“According to scholars of Chinese intelligence, the MSS is composed of national, provincial, and local elements. Many of these elements, especially at the provincial and local levels, include organizations with valid public missions to act as a cover for MSS intelligence operations. Some of these organizations include think tanks such as CICIR, while others include provincial-level governments and local offices.”
You can read the entire report at this link.