From 2011 to 2018, the Hainan State Security Department (HSSD) recruited hackers and linguists in China to create malware used to hack into companies from 12 different countries and across multiple industries. The HSSD officers identified as leading the group are Ding Xiaoyang, Cheng Qingmin, and Zhu Yunmin. The targeted trade secrets included genetic sequencing technology and data, chemical formulas, technologies used in submersibles and autonomous vehicles, and information used to secure contracts in third-party countries. The countries implicated in the case include the United States, Austria, Cambodia, Canada, Germany, Indonesia, Malaysia, Norway, Saudi Arabia, South Africa, Switzerland, and the United Kingdom.

To achieve these goals, HSSD established a front company named Hainan Xiandun Technology Development Co., Ltd., which operated out of Haikou. This front company was managed by a Hainan-based university. Other universities were also involved through the recruitment of hackers and linguists identified by HSSD. This particular group of hackers has since become notorious due to its involvement in a number of different cases.

Justice Department reports[2] indicate that, to begin a hacking operation, the organization would send spearphishing emails from domain names that mimicked legitimate ones. This was occasionally followed up by additional internal phishing campaigns that leveraged the access gained from the first round of phishing emails. Lastly, the hacking group would use ‘anonymizer services’ to access malware inside the target company's networks. Namely, they used a Dropbox-specific API command to steal data directly from in-network Dropbox accounts and obfuscate the download by making it appear legitimate.

Footnotes

[1] https://www.justice.gov/opa/pr/four-chinese-nationals-working-ministry-state-security-charged-global-computer-intrusion

[2] Ibid.