The indictment of two Chinese nationals who carried out intrusions for the MSS is full of interesting insights on the state of Chinese cyber espionage. 1/x https://www.justice.gov/opa/press-release/file/1295981/download

First off, consider the efficiency of this capability. Two guys responsible for stealing hundreds of millions in intellectual property. And better yet, they're contractors, so limited overhead for the PRC! 2/x

Not the first time we've seen an extortion scheme from contractor types. APT41 has done something similar when seeking to monetize their access. Being allowed to carry out crime while under the protection of the state is just one of the benefits of this type of relationship. 3/x

A lot of typical espionage work here. DIB targeting. Targeting of dissidents (Hong Kong democracy activists and Chinese Christians). 4/x

Some very interesting additional targeting. Pharma and biotech targeting began before COVID-19. This is one of the areas we've seen targeting in as well and there have also been several incidents outside of the cyber arena. 5/x

The biotech targeting by this actor is also interesting in that it is not obviously Xi-agreement compliant like so much of this activity. 6/x

Also interesting to see the targeting of PII. Could certainly be a criminal operation, but given all the PII-related incidents we've seen by other Chinese state actors, it's worth wondering how this data will get used. 7/x

Also interesting to see gaming involved. APT41, a very similar operation targeted this area heavily. I am curious if this sector is a focus of this actor's side business, rather than the work they are doing for the MSS. 8/x

Also interesting in details about the relationship between MSS and the contractors. A suggestion that they were acting proactively in some cases by targeting dissidents without tasking. Also, the indictment indicates they were given an 0-day by their MSS contact. 9/x