A new intelligence report has revealed connections between two Chinese research firms, the Beijing Institute of Electronics Technology and Application (BIETA) and its subsidiary Beijing Sanxin Times Technology Co., Ltd. (CIII), and China’s Ministry of State Security (MSS).
According to cybersecurity firm Recorded Future, BIETA appears to be managed or influenced by the MSS based on evidence linking at least four of its employees—Wu Shizhong, He Dequan, You Xingang, and Zhou Linna—to MSS officers or the University of International Relations, which is known to have ties with the agency.
BIETA and CIII reportedly research, develop, import, and distribute technologies that likely support intelligence, counterintelligence, and military missions related to China’s national security. Their research includes steganography methods that could enable covert communications and malware operations, the development of forensic and counterintelligence equipment, and the procurement of foreign technology for steganography, network penetration testing, and military communication systems.
BIETA describes itself as a research and development institution specializing in communication systems, multimedia information processing, network security, and circuit design. The organization, established in some form since 1983, has made steganography a core research focus, while its subsidiary CIII holds several copyrights for software related to covert communication.
CIII has also built various applications for file uploads to platforms like Baidu Cloud and OneDrive, along with tools for communication, network simulation, and penetration testing. These tools are designed to target websites, mobile applications, enterprise systems, cloud infrastructure, and Internet of Things devices.
In November 2021, BIETA developed an Android application named Intelligent Discussion and a cell phone positioning system capable of identifying, monitoring, and blocking mobile devices within large venues. The system can reportedly intercept text messages and calls from targeted phones.
Other tools developed by CIII include network simulation software, communication testing utilities, and an online storage solution called Datacrypt Hummingbird. However, limited public information exists regarding how these technologies have been integrated into MSS operations.
Recorded Future’s analysis suggests that both BIETA and CIII act as front organizations contributing to the MSS’s cyber capabilities. “BIETA’s research almost certainly supports the MSS’s objectives,” the report states, adding that the Ministry likely distributes technologies derived from BIETA’s work to regional security departments and proxy contractors involved in cyber operations.
The findings emerge shortly after cybersecurity company Spur identified a Chinese VPN and proxy service known as WgetCloud (previously GaCloud) being used in campaigns attributed to the North Korean threat actor Kimsuky. Spur noted that it remains unclear whether the actors purchased access to the service or obtained it through other means, emphasizing the growing risk of advanced persistent threat (APT) groups using legitimate commercial infrastructure to disguise their operations.
These revelations further illustrate China’s use of civilian-linked institutions and private firms to strengthen its cyber-intelligence apparatus and expand its operational reach in cyberspace.
