New Report Links Chinese Research Firms to MSS Cyber Operations

BIETA and CIII Identified as Entities Supporting Intelligence and Security Missions

An individual in a hooded sweatshirt with a Chinese emblem interacts with a digital world map, highlighting the intersection of cybersecurity and national interests.

A new report has linked two Chinese research firms, the Beijing Institute of Electronics Technology and Application (BIETA) and its subsidiary Beijing Sanxin Times Technology Co., Ltd. (CIII), to cyber operations associated with the Ministry of State Security (MSS). According to Recorded Future, BIETA is likely under the influence of the MSS, with evidence suggesting that at least four of its personnel—Wu Shizhong, He Dequan, You Xingang, and Zhou Linna—have clear or possible ties to MSS officers. These individuals are also connected to the University of International Relations, an institution known to have links to the MSS.

BIETA, which has operated since at least 1983, specializes in communication technology, multimedia information processing, and network security. Its subsidiary, CIII, has developed tools for steganography, network penetration testing, and even applications for monitoring and blocking mobile devices in large venues. Notably, CIII has created an Android app called Intelligent Discussion and a mobile positioning system capable of tracking and harvesting data from controlled devices. These capabilities suggest a direct alignment with MSS operations, as the report states that BIETA’s research is “almost certainly” used to create technologies that enable the MSS’s mission.

The report also notes that both BIETA and CIII are likely part of a network of front organizations that support cyber-enabled intelligence operations. These tools and technologies are believed to be shared with subordinate state security departments and contractors, further expanding the MSS’s operational reach.

This revelation comes amid growing concerns about the blending of commercial and state-sponsored cyber infrastructure. Earlier this year, cybersecurity firm Spur uncovered a Chinese proxy and VPN service called WgetCloud (formerly GaCloud) allegedly used by North Korean threat actors in cyber campaigns. This underscores the broader risk of advanced persistent threat (APT) infrastructure being embedded within commercial offerings, making it harder to distinguish between legitimate services and malicious tools.

The report adds to a growing body of evidence that Chinese state-backed entities are increasingly leveraging commercial and academic networks to advance their cyber capabilities, raising new questions about the boundaries between private enterprise and national security interests.

In addition to this, the report highlights that BIETA and CIII have been actively developing and selling tools that can be used for both legitimate and potentially malicious purposes. These include applications for uploading files to cloud services like Baidu Cloud and OneDrive, conducting network simulations, and performing penetration testing on a wide range of systems—from websites and mobile apps to IoT devices.

The findings also align with broader trends in global cybersecurity, where state-sponsored actors are increasingly using commercial infrastructure to conduct espionage and cyberattacks. This includes the recent actions by OpenAI, which reported disrupting cybercriminals from China, North Korea, and Russia who were misusing ChatGPT for malicious purposes.

As the cybersecurity landscape becomes more complex, the role of entities like BIETA and CIII in supporting national security interests—whether directly or indirectly—remains a critical area of concern for both governments and private sector organizations.