Xi Jinping's Plan: How to Turn Hackers into a State Asset

Who are the Chinese hackers who are playing a double game in cyberspace around the world?

According to Sekoia, three main government agencies play a key role in China's cyber activity: the People's Liberation Army (PLA), the Ministry of State Security (MSS), and the Ministry of Public Security (MPS). Since the beginning of 2021, operations attributed to China have been increasingly associated with the MSS, while the activity of the PLA has decreased markedly since the military reform in 2015.

Military-related groups such as BlackTech, Naikon, Tonto Team, and Tick have become less active. They have been replaced by groups controlled by the Ministry of State Security, such as APT10, APT31, APT40, APT41, Mustang Panda, and Lucky Mouse.

Unlike the Ministry of State Security, the Ministry of Public Security rarely conducts cyberattacks, as it is focused on internal tasks: the fight against crime and control over Internet content. In addition, the Ministry of Public Security tracks dissidents both inside and outside the country. Groups such as Poison Carp and the 912 Special Project Working Group are doing this.

According to the study, the Ministry of Public Security also conducts influence operations in Southeast Asian countries. It is reported that for such tasks, the department can receive assistance from one of the largest Chinese information security companies, QiAnXin.

Interestingly, the regional branches of the Ministry of State Security and the Ministry of Public Security have a lot of freedom of action. They actively engage private companies to carry out attacks and collect data, which allows them to operate covertly and avoid direct attribution to government agencies.

In addition to government agencies, ordinary citizens, the so-called patriotic hackers, once participated in such operations. Previously, they carried out attacks in response to international conflicts, but over time, their activities became part of state operations. Since the mid-2000s, these hackers have stopped acting alone and started working in private companies, continuing to participate in cyberattacks at a professional level.

The report focuses on how patriotic hackers helped create malware such as PlugX and ShadowPad, which are now heavily used by Chinese APT groups. All of this was made possible by the policies of Xi Jinping, who in 2015 officially combined the efforts of military and civilian specialists for cyber operations.

Recent leaks from Chinese IT company I-SOON have revealed important details about how China orchestrates cyberattacks. Government agencies are increasingly engaging private companies at the provincial and city levels to carry out cyber operations. This hides the true sources of attacks and makes them more difficult to track.

The Ministry of State Security actively collects data on new vulnerabilities, receiving it from researchers and companies, in order to then use these vulnerabilities in attacks. The report also notes that companies such as I-SOON and other technology firms now provide their services not only to large government entities, but also for individual operations.

The report suggests that modern APT groups from China are a hybrid of private and public hackers who cooperate to carry out sophisticated attacks, rather than being limited to one specific structure. This complicates the attribution process and underscores China's strategic focus on using a variety of resources for cyber espionage and information operations.

Source