Boyusec

Threat Actor updated 6 months ago (2024-05-04T18:19:34.102Z)
Download STIX
Preview STIX
Boyusec, a threat actor group linked to the Chinese Ministry of State Security (MSS), has been implicated in long-running GOTHIC PANDA operations, with elements of the group likely still active despite its official dissolution. Throughout May 2017, IntrusionTruth released a series of blog posts identifying several individuals connected to Boyusec based on historical information and open-source intelligence (OSINT). The initial tranche of information exposed connections to the Chinese firm Boyusec and ultimately to MSS entities in Guangzhou, although the group's exact motives remain unclear. The credibility of these findings was further enhanced when the U.S. Department of Justice named Boyusec and several identified individuals in an indictment, detailing GOTHIC PANDA tactics, techniques, and procedures (TTPs) comprehensively. This indictment, largely based on IntrusionTruth’s prior releases about GOTHIC PANDA, led to the dismantling of Boyusec. Notably, Boyusec had previously worked at CNITSEC’s Guangdong subsidiary setting up a joint active defense lab. Open source research by Recorded Future revealed that one of Boyusec’s partners is a field office for a branch of the MSS. The company's other partner, Guangdong ITSEC, is less well-documented. On Boyusec’s website, the company explicitly identifies two organizations that it cooperatively partners with: Huawei Technologies and the Guangdong Information Technology Security Evaluation Center (or Guangdong ITSEC). These associations highlight Boyusec's extensive network and underscore the potential continued threat posed by its members.
Description last updated: 2024-05-04T17:43:46.869Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Boyusec Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more