CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

BIETA and CIII Linked to China’s MSS Cyber Operations

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

The Beijing Institute of Electronics Technology and Application (BIETA) and its subsidiary Beijing Sanxin Times Technology Co., Ltd. (CIII) are assessed to be likely led by the Ministry of State Security (MSS). These firms are involved in developing technologies that support intelligence, counterintelligence, and military missions relevant to China's national security. BIETA and CIII have developed tools for steganography, covert communications, forensic investigation, and network penetration testing. Their activities include researching methods for covert communications and malware deployment, as well as acquiring foreign technologies for network penetration and military communications. The firms have been linked to the MSS through personnel connections and their association with the University of International Relations, known for its ties to the MSS. Their work includes developing applications for network simulations, penetration testing, and communication simulations. BIETA and CIII have been involved in developing and acquiring technologies for covert communications, steganography, and military applications through collaborations with Western institutions. CIII acts as an agent for Western companies, facilitating the transfer of advanced technologies to China, potentially benefiting the MSS and PLA.

Timeline

  1. 06.10.2025 17:00 2 articles · 13h ago

    BIETA and CIII Linked to China’s MSS Cyber Operations

    The Beijing Institute of Electronics Technology and Application (BIETA) and its subsidiary Beijing Sanxin Times Technology Co., Ltd. (CIII) are assessed to be likely led by the Ministry of State Security (MSS). These firms are involved in developing technologies that support intelligence, counterintelligence, and military missions relevant to China's national security. BIETA and CIII have developed tools for steganography, covert communications, forensic investigation, and network penetration testing. Their activities include researching methods for covert communications and malware deployment, as well as acquiring foreign technologies for network penetration and military communications. The firms have been linked to the MSS through personnel connections and their association with the University of International Relations, known for its ties to the MSS. Their work includes developing applications for network simulations, penetration testing, and communication simulations. BIETA and CIII have been involved in developing and acquiring technologies for covert communications, steganography, and military applications through collaborations with Western institutions. CIII acts as an agent for Western companies, facilitating the transfer of advanced technologies to China, potentially benefiting the MSS and PLA.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Chinese State-Sponsored Actors Target Global Critical Infrastructure

Chinese state-sponsored Advanced Persistent Threat (APT) actors, specifically the Salt Typhoon group and a newly identified group named RedNovember, have been conducting sustained campaigns to compromise critical infrastructure networks worldwide. The campaigns aim to gain long-term access to telecommunications, government, transportation, lodging, and military networks. This activity has been detailed in a joint advisory by CISA, NSA, FBI, and international partners, including Canada, Australia, New Zealand, the UK, Czech Republic, Finland, Germany, Italy, Japan, the Netherlands, Poland, and Spain. The advisory provides intelligence on tactics used by these actors and recommends mitigations to strengthen defenses. The Czech Republic's National Cyber and Information Security Agency (NUKIB) has issued a warning instructing critical infrastructure organizations to avoid using Chinese technology or transferring user data to servers located in China. The agency has re-evaluated its risk estimate of significant disruptions caused by China, now assessing it at a 'High' level. The NUKIB has confirmed malicious activities of Chinese cyber-actors targeting the Czech Republic, including a recent APT31 campaign targeting the Czech Ministry of Foreign Affairs. The advisory highlights concerns over the transfer of system and user data to China, potentially misused by state, military, or political interests. The Czech government previously accused China of targeting its critical infrastructure through APT 31, an allegation denied by the PRC but condemned by the US, EU, and NATO. The advisory suggests that individuals and organizations consider restricting or prohibiting the use of products and services that transfer data to China. The campaign has targeted at least 600 organizations across 80 countries, including 200 in the U.S. The threat actors have exploited vulnerabilities in Cisco, Ivanti, and Palo Alto Networks devices to gain initial access and have modified routers to maintain persistent access and pivot into other networks. The advisory also notes that the APT actors may target other devices such as Fortinet firewalls, Juniper firewalls, Microsoft Exchange, Nokia routers and switches, Sierra Wireless devices, Sonicwall firewalls, etc. RedNovember has targeted perimeter appliances of high-profile organizations globally, including defense and aerospace organizations, space organizations, and law firms. The group has breached at least two U.S. defense contractors, a European engine manufacturer, and a trade-focused intergovernmental cooperation body in Southeast Asia. RedNovember has used the Go-based backdoor Pantegana and Cobalt Strike as part of its intrusions, along with the Spark RAT and LESLIELOADER. The group has also used VPN services like ExpressVPN and Warp VPN to administer and connect to servers used for exploitation and communication.

Open in new tab