A Chinese company named the Beijing Institute of Electronics Technology and Application (BIETA) has been assessed to be likely led by the Ministry of State Security (MSS).
The assessment comes from evidence that at least four BIETA personnel have clear or possible links to MSS officers and their relationship with the University of International Relations, which is known to share links with the MSS, according to Recorded Future. The names of the four individuals include Wu Shizhong, He Dequan, You Xingang, and Zhou Linna.
“BIETA and its subsidiary, Beijing Sanxin Times Technology Co., Ltd. (CIII), research, develop, import, and sell technologies that almost certainly support intelligence, counterintelligence, military, and other missions relevant to China’s national development and security,” the company said in a report shared with The Hacker News.
“Their activities include researching methods of steganography that can likely support covert communications (COVCOM) and malware deployment; developing and selling forensic investigation and counterintelligence equipment; and acquiring foreign technologies for steganography, network penetration testing, and military communications and planning.”
According to information shared on its website, BIETA is a “research and development institution” that specializes in communication technology, multimedia information processing technology, multimedia information security technology, computer and network technology application research, and special circuit development. It’s said to have existed in some form since 1983.
One of BIETA’s core focus areas concerns the use of steganography across several media, with CIII also receiving copyrights for software related to the covert communication tactic. CIII has also developed various applications for uploading files to Baidu Cloud and OneDrive, communicating with friends, and carrying out network simulations and penetration testing against websites, mobile apps, enterprise systems, servers, databases, cloud platforms, and Internet of Things devices.
As recently as November 2021, the company has worked on a tool named Intelligent Discussion Android App and a cell phone positioning system that can identify, monitor, position, and block mobile phones within large venues, including the ability to harvest text messages and calls from phones under their control.
Other solutions advertised by CIII range from communication simulation to network functionality testing tools, as well as a program called Datacrypt Hummingbird online storage upload software. That said, there is limited public information on how these programs may have augmented the MSS.
The Mastercard-owned company noted both BIETA and CIII “almost certainly” are part of a set of front organizations that contribute to the development of tools to facilitate cyber-enabled intelligence operations by Beijing’s intelligence apparatus and its proxies.
“BIETA’s research is almost certainly used to create technologies that enable the MSS’s mission. The MSS then likely makes capabilities benefiting from BIETA’s achievements available to subordinate state security departments, bureaus, and officers, which in turn provide them to their contractors or proxies,” it said.
The disclosure comes a little over a month after cybersecurity company Spur uncovered a Chinese proxy and VPN service called WgetCloud (formerly GaCloud) that has been put to use in cyber campaigns allegedly orchestrated by a North Korean threat actor known as Kimsuky.
“Whether or not they purchased a subscription or acquired this particular Trojan proxy through other means is unknown,” it said. “This highlights the broader risk of APT proxy infrastructure blending into commercial offerings.”
