Hainan State Security Department

Hainan State Security Department

Chinese: 海南省国家安全厅
Department overview
Formed	April 1984; 40 years ago (1984-04)
Preceding department	Hainan Public Security Bureau counterintelligence
Jurisdiction	Hainan province
Headquarters	No. 176 Nanhai Avenue, Xiuying District, Haikou, Hainan, China 19°59′48″N 110°16′53″E / 19.99667°N 110.28133°E / 19.99667; 110.28133
Employees	Classified
Annual budget	Classified
Department executive	Director
Parent ministry	Ministry of State Security

The Hainan State Security Department (HSSD; Chinese: 海南省国家安全厅) is a provincial department of the Chinese Ministry of State Security responsible for national security and secret policing in the contiguous island province of Hainan, headquartered in Haikou. Members of the Hainan SSD have badge numbers with prefixes beginning with "46xxxx".^[1] The HSSD operates advanced persistent threat (APT) number 40.

Advanced persistent threat actor[edit]

The Hainan State Security Department is behind the advanced persistent threat known as APT40.^[2][3][4]

In May 2021, a US federal grand jury in San Diego, California, returned an indictment against four hackers of the Hainan SSD for hacking attributed to the Hainan Xiandun Technology Development Co., Ltd. (海南仙盾) (Hainan Xiandun), a since disbanded front company, to operate out of Haikou, Hainan Province.^[2][5][6]

The two-count indictment alleged that Ding Xiaoyang (丁晓阳), Cheng Qingmin (程庆民) and Zhu Yunmin (朱允敏), were HSSD officers responsible for coordinating, facilitating and managing computer hackers and linguists at Hainan Xiandun and other MSS front companies to conduct hacking for the benefit of China and its state-owned and sponsored instrumentalities. The indictment alleges that Wu Shurong (吴淑荣) was a computer hacker who, as part of his job duties at Hainan Xiandun, created malware, hacked into computer systems operated by foreign governments, companies and universities, and supervised other Hainan Xiandun hackers.^[2][3]

Targets[edit]

APT40's campaigns have targeted a range of victims originating in the United States, Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland and the United Kingdom.^[2] Targeted industries included, among others, aviation, defense, education, government, healthcare, biopharmaceuticals and maritime.^[2][3]

Stolen trade secrets and confidential business information included, among other things, sensitive technologies used for submersibles and autonomous vehicles, specialty chemical formulas, commercial aircraft servicing, proprietary genetic-sequencing technology and data, and foreign information to support China’s efforts to secure contracts for state-owned enterprises within the targeted country (e.g., large-scale high-speed railway development projects).^[2]

In the most concerning instances, hackers from the Hainan SSD targeted research on highly pathogenic biological agents including Ebola, MERS, HIV/AIDS, Marburg and tularemia, several of which have been historically weaponized as biological warfare agents.^[2][3][7]

The indictment charged the Hainan MSS officers with coordinating intelligence requirements with academics at universities in Hainan and elsewhere in China. Not only did such universities assist the MSS in identifying and recruiting hackers and linguists to penetrate and steal from the computer networks of targeted entities, including peers at many foreign universities, but personnel at one identified Hainan-based university also helped support and manage Hainan Xiandun as a front company, including through payroll, benefits and a mailing address.^[2]

List of directors[edit]

References[edit]

This article incorporates text from this source, which is in the public domain: https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion