In our last three posts we introduced you to APT3 and identified two individuals responsible for purchasing their domain names – Wu Yingzhuo and Dong Hao. An IP addresses in Guangdong, China was associated with some of the domains.

Both individuals have a long history of purchasing APT3 infrastructure. Who do they work for and where do their orders come from?

Boyusec

Well, the answers to those questions are reasonably easy to find. Wu Yingzhuo (吴颖卓) and Dong Hao (董浩) are both shareholders in the same company.

This listing is for a Chinese cyber security firm called 博御信息 (or Boyusec – the Guangzhou Boyu Information Technology Company, Ltd) that was licensed in December 2013 and is based in Guangdong. It lists both 吴颖卓 and 董浩 as major shareholders.

boysec-company
Company listing showing 吴颖桌 and 董浩 as shareholders of Boyusec

The Ministry of State Security

On the 29th of November 2016, freebeacon.com reported that Pentagon intelligence officials had identified Boyusec as being a contractor for the Chinese Ministry of State Security (MSS). The MSS is one of China’s Intelligence Services and is an active player in their Cyber programme.

freebeacon-boyusec

The conclusion?

Either a Chinese InfoSec company called Boyusec, known to be involved with Chinese Intelligence Cyber operations, has two shareholders with the same names as two apparant APT3 actors, or Boyusec is APT3.

84 thoughts on “APT3 is Boyusec, a Chinese Intelligence Contractor

  1. Pingback: This Week in Security News: The First Patch Tuesday Update of 2020 and Pwn2Own Vancouver Announced -
  2. Pingback: This Week in Security News: The First Patch Tuesday Update of 2020 and Pwn2Own Vancouver Announced - ThreatsHub Cybersecurity News
  3. Pingback: The First Patch Tuesday Update of 2020 and Pwn2Own Vancouver Announced – | e-Shielder Security News
  4. Pingback: FBI is investigating greater than 1,000 instances of Chinese language theft of US expertise | ZDNet - Promoku.net
  5. Pingback: FBI is investigating more than 1,000 cases of Chinese theft of US technology
  6. Pingback: El FBI está investigando más de 1,000 casos de robo chino de tecnología estadounidense – Instinto Seguro
  7. Pingback: FBI is investigating more than 1,000 cases of Chinese theft of US technology | Tech Top News
  8. Pingback: FBI is investigating more than 1,000 cases of Chinese theft of US technology | Gadget Tech News
  9. Pingback: FBI is investigating more than 1,000 cases of Chinese theft of US technology - Loyal World News
  10. Pingback: FBI is investigating greater than 1,000 circumstances of Chinese language theft of US expertise - Techi Blog
  11. Pingback: FBI is investigating more than 1,000 cases of Chinese theft of US technology - ThreatsHub Cybersecurity News
  12. Pingback: FBI is investigating more than 1,000 cases of Chinese theft of US technology – The America Today – American News & The latest trends in the US
  13. Pingback: FBI is investigating more than 1,000 cases of Chinese theft of US technology. | Businesblog
  14. Pingback: FBI is investigating more than 1,000 cases of Chinese theft of US technology – Germany Times of News
  15. Pingback: FBI investigates more than 1,000 cases of Chinese tech theft by China - Grouvy Today
  16. Pingback: Le FBI enquête sur plus de 1 000 cas de vols de technologie américaine par la Chine | Ultimatepocket
  17. Pingback: Le FBI enquête sur plus de 1 000 cas de vols de technologie américaine par la Chine - Universmartphone
  18. Pingback: Le FBI enquête sur plus de 1 000 cas de vols de technologie américaine par la Chine | Blog a Téodulle
  19. Pingback: Connection discovered between Chinese hacker group APT15 and defense contractor
  20. Pingback: Connection discovered between Chinese hacker group APT15 and defense contractor - The Trend Public: Breaking News, India News, Sports News and Live Updates
  21. Pingback: Connection discovered between Chinese hacker group APT15 and defense contractor - Loyal World News
  22. Pingback: Connection found between Chinese language hacker group APT15 and protection contractor – NewsVerses
  23. Pingback: Connection discovered between Chinese hacker group APT15 and defense contractor | SubjectData
  24. Pingback: Connection discovered between Chinese hacker group APT15 and defense contractor – Digital Access
  25. Pingback: Connection discovered between Chinese hacker group APT15 and defense contractor – Europe News Online
  26. Pingback: Connection discovered between Chinese hacker group APT15 and defense contractor - Bestgamingpro
  27. Pingback: Connection discovered between Chinese hacker group APT15 and defense contractor - CryptoGain.me
  28. Pingback: Connection discovered between Chinese hacker group APT15 and defense contractor - Technology Telegraph
  29. Pingback: Conexión descubierta entre el grupo de hackers chinos APT15 y el contratista de defensa – Instinto Seguro
  30. Pingback: Connection discovered between Chinese hacker group APT15 and defense contractor – My Blog
  31. Pingback: Lookout experts discover link between Chinese hack group and defense contractor
  32. Pingback: Lookout: Uigurii, supravegheați de hackeri afiliați serviciilor secrete chineze | CyberNews
  33. Pingback: Эксперты Lookout обнаружили связь между китайской хак-группой и оборонным подрядчиком — «Хакер»
  34. Pingback: 5 Supply Chain Cyber Attacks that Illustrate Why CMMC Is Needed - CyberSheath

Comments are closed.