Chinese intel officer charged with espionage

A top intelligence officer for the Chinese Ministry of State Security (MSS) has been arrested and indicted on charges of economic espionage and attempting to steal trade secrets from multiple US aviation and aerospace companies.

Background

China and the US have long had differing views on the internet and digital issues such as the flow of information, internet governance and regulation, data localization and their approach to the security of IP and information technology.

China has been linked to multiple advanced persistent threat (APT) groups and their cyber espionage campaigns targeting US firms in the military, energy, defence and technology sectors. In 2013, US cybersecurity firm Mandiant – now part of FireEye – released a report on Chinese cyber espionage group APT1 that was linked to Unit 61398 of the People’s Liberation Army. APT1 is one of more than 20 APT groups with origins in China, many of which are believed to be associated with the Chinese government.

In 2015, presidents Barack Obama and Xi Jinping reached an agreement on curbing cyber espionage, declaring that neither the US nor Chinese governments will conduct or knowingly support cyber-enabled theft of intellectual property.

Although the historic deal between the world’s biggest economies was met with skepticism, it was seen as a significant step forward for the two nations. A FireEye report in 2016 found that China’s cyber espionage operations had significantly decreased following the deal.

Analysis

Chinese intelligence officer Yanjun Xu has been arrested and indicted on charges of economic espionage and attempting to steal trade secrets from several US aviation and aerospace companies, the US Justice Department announced. Xu is a deputy division director in the Jiangsu state security department of the Ministry of State Security (MSS) - China’s main spy agency.

He was arrested in Belgium and extradited to the US to face charges - marking the first time a Chinese intelligence official has been brought to the US to be prosecuted and tried in open court.

Xu has been accused of attempting to steal trade secrets from several leading aerospace companies including GE Aviation.

From at least December 2013 until his arrest in April, Xu allegedly targeted aviation companies both within and outside the US. After identifying experts who worked for these companies, he recruited them to travel to China under the pretext of inviting them for an “exchange of ideas” or deliver a university presentation. Court papers state that Xu and other operatives paid the experts’ travel costs and provided stipends with the aim of later obtaining “highly sensitive information” from them.

Xu was arrested in April and could face up to 25 years in prison if found guilty.

“This case is not an isolated incident,” Assistant Attorney General for National Security John C. Demers said. “It is part of an overall economic policy of developing China at American expense.  We cannot tolerate a nation’s stealing our firepower and the fruits of our brainpower.”

The charges come as the US and China are embroiled in an intensifying, tit-for-tat trade war and rhetoric between the two escalated. US vice-president Mike Pence accused Beijing of attempting to meddle in the upcoming US midterm elections.

“What the Russians are doing pales in comparison to what China is doing across this country,” Pence said in a speech.

The 2015 agreement between the two countries also seems to be unravelling. According to a new Crowdstrike report, the company detected an increase in Chinese hacking operations over the past year placing China above Russia in terms of volume of cyberattacks. The arrest of a top MSS official could likely spur further retaliatory attacks by Chinese hackers.

Crowdstrike co-founder and CTO Dmitri Alperovitch said: “China is back (after a big dropoff in activity in 2016) to being the predominant nation-state intrusion threat in terms of volume of activity against Western industry. MSS is now their #1 cyber actor.”

Assessment

Our assessment is that Xu’s arrest will likely escalate tensions between the US and China, potentially resulting in a possible strong reaction from Beijing such as expelling American diplomats or intelligence officers from the country. We believe it could also result in a further increase in the number of Chinese espionage campaigns and cyberattacks targeting US companies.