Boyusec, a threat actor group linked to the Chinese Ministry of State Security (MSS), has been implicated in long-running GOTHIC PANDA operations, with elements of the group likely still active despite its official dissolution. Throughout May 2017, IntrusionTruth released a series of blog posts identifying several individuals connected to Boyusec based on historical information and open-source intelligence (OSINT). The initial tranche of information exposed connections to the Chinese firm Boyusec and ultimately to MSS entities in Guangzhou, although the group's exact motives remain unclear.
The credibility of these findings was further enhanced when the U.S. Department of Justice named Boyusec and several identified individuals in an indictment that comprehensively detailed GOTHIC PANDA tactics, techniques, and procedures (TTPs). This indictment, largely based on IntrusionTruth’s prior releases about GOTHIC PANDA, led to the dismantling of Boyusec. Notably, Boyusec had previously worked at CNITSEC’s Guangdong subsidiary, setting up a joint active defense lab.
Open-source research by Recorded Future revealed that one of Boyusec’s partners is a field office for a branch of the MSS. The company’s other partner, Guangdong ITSEC, is less well documented. On its website, Boyusec explicitly identifies two organizations that it partners with: Huawei Technologies and the Guangdong Information Technology Security Evaluation Center (or Guangdong ITSEC). These associations highlight Boyusec’s extensive network and underscore the potential continued threat posed by its members.
Description last updated: 2024-05-04T17:43:46.869Z