
Chinese graduates lured to work digital espionage for APT40 hacker group


University students from Hainan, Sichuan and Xi’an in China have been tricked into working at Hainan Xiandun, a technology company that acts as a front for the Chinese hacking group APT40.

APT40 has been accused of hacking government agencies, companies and universities in the US, Canada, Europe and the Middle East. Hainan Xiandun is allegedly a cover for APT40, according to a 2021 US federal indictment.

An investigation by the Financial Times has identified 140 potential translators, mostly freshly graduated students from public universities in the provinces mentioned above. These graduates had responded to job advertisements from Hainan Xiandun, which was masquerading as a translation company.


Conning students into espionage

Recruiting spies from universities isn’t exactly new, and western agencies like the US CIA and the UK’s GCHQ do the same. These Chinese graduates, however, seem to have been unwillingly dragged into espionage. Job advertisements for translators were posted on the university website without explaining the nature of the work.

The application process for the job included translation tests on sensitive documents stolen from the US government and research on individuals from Johns Hopkins University, a major intel target. The application provides insight into how APT40 functions: the instruction document asks applicants to use “software to get behind the Great Firewall”, as the work and research involve sites like Facebook, which are banned in China and require a VPN to access.

The company seems to have a close relationship with Hainan University as well. The company is registered on the first floor of the university library, which also happens to be the student computer room. 

Actions have consequences

The FBI took action against the company last year in July, indicting three state security officials from the Hainan province, namely Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin, for their role in establishing a company as a front for a state-sponsored hacking group. A fourth individual believed to be a hacker who supervised company employees, Wu Shurong, was also indicted. 

Punishing actual conspirators aside, being linked to the MSS through their work at Hainan Xiandun comes with severe consequences. These individuals will most likely face difficulties when it comes to moving to and working in western countries, a key motivation for several students who study foreign languages. 


Yadullah Abidi


Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.
