Chinese Cyber Operations Groups

leave a comment »

And after the Russian and US ones, here is the one of the publicly known Chinese offensive cyber operations groups and their associations. Just like in the other cases, this will be a live document updated in this page as soon as new information becomes available.

For the same reason, if you notice any mistakes, errors, or missing information please let me know and I will update it as soon as possible. Also, to improve the transparency below the diagram you can find a complete list of the sources used to construct it.

Last Update: 18 June 2021

Sources

• Taiwan’s Ministry of Defense: A Study on the Threat of the CCP’s Cyber Army Development
• US Naval Postgraduate School: Chinese Cyber Espionage: A Complementary Method to Aid PLA Modernization
• The Jamestown Foundation: The People’s Liberation Army Strategic Support Force: Update 2019
• Wikipedia: Ministry of State Security
• Wikipedia: Ministry of Public Security
• Wikipedia: People’s Liberation Army Strategic Support Force
• Wikipedia: 2015 People’s Republic of China military reform
• Wikipedia: China Chopper
• Recorded Future: Recorded Future Research Concludes Chinese Ministry of State Security Behind APT3
• Recorded Future: Threat Activity Group RedFoxtrot Linked to China’s PLA Unit 69010; Targets Bordering Asian Countries
• The News Lens: China’s Cyber-Focused Military Unit Emerges from the Shadows
• US Department of Justice: Two Chinese Hackers Associated With the Ministry of State Security Charged with Global Computer Intrusion Campaigns Targeting Intellectual Property and Confidential Business Information
• US Department of Justice: Kevin Patrick Mallory Criminal Complaint
• US Department of Justice: U.S. Charges Three Chinese Hackers Who Work at Internet Security Firm for Hacking Three Corporations for Commercial Advantage
• US Department of Justice: Seven International Cyber Defendants, Including “Apt41” Actors, Charged In Connection With Computer Intrusion Campaigns Against More Than 100 Victims Globally
• MITRE: ATT&CK Groups
• Stratfor Global Intelligence: Intelligence Services, Part 1: Espionage with Chinese Characteristics
• Google: APT Groups and Operations
• Intrusion Truth: APT17 is run by the Jinan bureau of the Chinese Ministry of State Security
• Intrusion Truth: APT40 is run by the Hainan department of the Chinese Ministry of State Security
• Intrusion Truth: An APT with no name
• Intrusion Truth: Who is Mr. Zhao?
• Malpedia Actors
• Symantec: APT41: Indictments Put Chinese Espionage Group in the Spotlight
• Healthcare Cybersecurity Coordination Center (HC3): Chinese State-Sponsored Cyber Activity
• Mainichi Shimbun, Mainichi: Is the PLA involved in a cyber attack? Chinese document sending JAXA target
• The Japan Times: Chinese military seen behind Japan cyberattacks
• CISA: Alert (AA18-284A): Publicly Available Tools Seen in Cyber Incidents Worldwide
• FBI: Flash Alert (AC-000128-TT): Indictment of Chinese Cyber Actors associated with the Ministry of State Security (MSS) Guangdong State Security Department (GSSD) for Intrusion Activities
• Lieutenant Colonel William T. Hagestad II: 21st Century Chinese Cyberwarfare (ISBN-13: 978-1849283342)

ChangeLog

• Version 2.0 (18 June 2021): Added PLA 69010 (thanks to @monacasec for the heads up)
• Version 1.6 (13 May 2021): Removed China Chopper as it’s not an actor (credits: @r0ny_123)
• Version 1.5 (13 May 2021): Added GSSD and relevant entities.
• Version 1.0 (20 April 2021): First publication.

Written by xorl

April 20, 2021 at 22:05

Posted in threat intelligence