University students from Hainan, Sichuan and Xi’an in China have been tricked into working at a technology company Hainan Xiandun that acts as a front for the Chinese hacking group APT40.
APT40 has been accused of hacking government agencies, companies and universities in the US, Canada, Europe and the Middle East. As for Hainan Xiandun, it’s allegedly a cover for APT 40, according to a 2021 US federal indictment.
An investigation by the Financial Times has identified 140 potential translators, mostly freshly graduated students from public universities in the provinces mentioned above. These graduates had applied against job advertisements from Hanin Xiandun, which was masquerading as a translation company.
In the News: Novel malware is being used to target popular routers since 2020
Conning students into espionage
Recruiting spies from universities isn’t exactly new. With western agencies like the US CIA and UK’s GCHQ also doing the same, these Chinese graduates seem to have been unwillingly dragged into espionage. Job advertisements for translators were posted on the university website without explaining the nature of the work.
The application process for the job included translation tests on sensitive documents stolen from the US government and research on individuals from John Hopkins University, a major intel target. The application provides insight into APT40’s functioning, with the instruction document asking applicants to use “software to get behind the Great Firewall” as the work and research involve using sites like Facebook, which are banned in China and require a VPN to access.
The company seems to have a close relationship with Hainan University as well. The company is registered on the first floor of the university library, which also happens to be the student computer room.
Actions have consquences
The FBI took action against the company last year in July, indicting three state security officials from the Hainan province, namely Ding Xiaoyang, Cheng Qingmin and Zhu Yunmin, for their role in establishing a company as a front for a state-sponsored hacking group. A fourth individual believed to be a hacker who supervised company employees, Wu Shurong, was also indicted.
Punishing actual conspirators aside, being linked to the MSS through their work at Hainan Xiandun comes with severe consequences. These individuals will most likely face difficulties when it comes to moving to and working in western countries, a key motivation for several students who study foreign languages.
In the News: Firefox can now automatically remove tracking queries from URLs