Hackers suspected of having a connection with Chinese intelligence were advertising for new employees to work on cyber-espionage activities even after the FBI prosecuted the perpetrators and blocked their activities.
According to a job advertisement seen by the Financial Times, Chinese technology company Hainan Tengyuan was actively hiring English translators in March.
Hainan Tengyuan is part of a wider network linked to another technology company, Hainan Xiandun, which the FBI named in a 2021 indictment as a cover for the Chinese hacking group APT40; the links include shared contact details and employees.
APT40 has been accused of cyber-espionage targeting scientific research on Ebola, HIV and Middle East Respiratory Syndrome, as well as the US and European maritime industry and naval defense contractors. Western agencies also said the group was responsible for hacking campaigns against Cambodian opposition lawmakers, political institutions and NGOs in connection with the country’s 2018 national elections.
Dmitri Alperovitch, co-founder of security group CrowdStrike and now head of the Silverado Policy Accelerator think tank, said the fact that front companies continued to advertise after being exposed by the FBI was proof that charges against Chinese government officials were becoming less effective.
The first round of indictments against PLA cyber forces in 2014 sent a “shock wave through the Chinese system,” but given that the impact on state authorities tends to be minimal, such public accusations were no longer a deterrent, he said.
Intelligence agencies such as the CIA in the United States and GCHQ, the signals intelligence agency in the United Kingdom, typically recruit future spies actively while they are in college or through public advertising. However, the fact that China is using front companies to disguise their work means that some applicants are unknowingly drawn into espionage.
An FT investigation this week made clear that Hainan Xiandun sought to recruit foreign language students from public universities across China to assist in identifying intelligence targets and translating confidential documents.
Many were female foreign language students at a university on the tropical island of Hainan in southern China, seeking employment after graduation.
One student applicant previously led a workshop entitled “The Excellent Tradition of CCP Secrets” at a local university. Another applicant had a summer job at a golf resort as a translator for foreign and Chinese executives.
Hainan Xiandun tried to leverage the students’ language skills to find cheap translators, but the ad did not reveal the nature of the work or its connection to the Department of Homeland Security.
In contrast, Hainan Tengyuan’s job ads from March on a Chinese-language recruitment website seemed to be looking for more experienced staff.
It sought applications from translators with at least five years of work experience and offered a monthly salary of about $2,000, more than double the amount Hainan Xiandun offered to new graduates. Still, its involvement in hacking activities has not been revealed.
A security official in the region said “multiple” Chinese hacking groups are known to hire from universities, recruiting computer science students as well as linguists.
“They promote their position and sponsorship within the local university front company and encourage students to engage in offensive invasion activities badged as hacking competitions,” the official said. The official added that the continued nature of this recruitment would have a “personal impact” on the students themselves.
Nicholas Eftimiades, an expert on Chinese intelligence and former FBI agent, said that while intelligence communities around the world have relationships with universities, “What is unique in China is the use of front companies that are recruiting students unknowingly.”
He added: “It adds another layer of cover from MSS citizens as well as foreign governments, and also provides a stable flow of cheap labor that does not require security clearance.”
The link between Hainan Xiandun and Hainan Tengyuan was found two years ago by ‘The truth of invasion’, which focuses on the work of the Chinese hacking group APT40, also known as ‘Bronze’ and ‘Leviathan’.
Researchers looked at job ads posted by self-described tech companies in Hainan and found links between five companies, including Hainan Xiandun and Hainan Tengyuan, with duplicate company descriptions, addresses, contacts and employees.
According to company records, Hainan Tengyuan’s CEO and largest shareholder, Qiu Chuiqiang, operates three popular Cantonese-style barbecue meat restaurants in Hainan. Attempts to contact Hainan Tengyuan and Qiu Chuiqiang for comment were unsuccessful.
Western intelligence officials have been increasing their warnings about the risks of “massive” Chinese cyber operations aimed at stealing data and intellectual property from enemies.
FBI Director Christopher A. Wray recently said the bureau was launching a new China-focused defense investigation every 12 hours, stating that China has a larger hacking program than all other countries combined.
James Mulvenon, an expert on Chinese cyber and industrial espionage, said it was clear that local bureaus such as Hainan tend to be “much more entrepreneurial about their targets” than the large centers in Shanghai and Beijing.
Alperovitch, of the Silverado Policy Accelerator, said Chinese hackers working as contractors were more afraid of being prosecuted than state security officials. Such hackers have a “history of reduced activity after being named and embarrassed” because they are interested in accessing western commercial opportunities and traveling abroad, he said.
MSS and Hainan University did not respond to requests for comment.
Additional reporting by Demetri Sevastopulo in Washington
Chinese hackers continued to hire drives despite FBI charges