Chinese Front Companies Offering Advanced Steganography Tools for APT Groups

The Chinese government’s cyber ecosystem continues to attract significant scrutiny from security researchers worldwide.

Following revelations from Intrusion Truth, the i-Soon leaks, tracking of EagleMsgSpy, and exposure of Great Firewall components, a recent analysis has uncovered details about two technology companies allegedly linked to China’s Ministry of State Security (MSS).

BIETA and its subsidiary CIII reportedly provide advanced steganography-based solutions to support MSS and Chinese intelligence operations.

Both organizations appear deeply embedded within China’s security apparatus, with suspicious proximity and personnel connections suggesting close government alignment.

BIETA, the Beijing Institute of Electronics Technology and Application, operates from a building complex adjacent to the MSS’s Beijing headquarters, which houses the Ministry’s First Research Institute, the body behind the Skynet mass surveillance system deployed in Xinjiang.

Multiple BIETA executives have maintained institutional roles within Chinese government bodies. You Xingang, head of BIETA from 2008 to 2013, simultaneously worked as a researcher at the MSS’s First Research Institute.

CIII, officially Beijing Sanxin Times Technology Co., Ltd., presents itself as a state-owned enterprise that handles diverse activities, ranging from BeiDou satellite navigation maintenance to network simulation and penetration testing services.

The company claims to support the People’s Liberation Army and has received positive evaluations from the China Information Technology Security Evaluation Center, the organization that monitors China’s national vulnerability database and directly manages APT operations.

Both companies reportedly develop, import, and sell steganographic technologies to Chinese intelligence agencies.

CIII has obtained multiple software copyrights related to steganography, including systems for deep analysis of audiovisual-to-voice conversion and forensic differentiation of JPEG images, both registered in 2017.

BIETA’s commitment to steganography research is evident from its academic output: approximately 46 percent of BIETA’s 87 academic publications between 1991 and 2023 focus on steganography techniques, supported by funding from China’s National Fund for Natural Sciences and major research programs.

Steganography, the practice of hiding information within innocent-appearing files, has long been a staple of state-sponsored cyber operations.

Russian and North Korean adversaries have been documented using these techniques, while Brazilian cybercriminals employed LSB steganography in Caminho Loader attacks.

Chinese APT groups have leveraged steganography for years, with documented usage traced back to at least 2013 in APT1 operations.

Groups including Mirage, Leviathan, Pirate Panda, and Witchetty have employed steganographic methods to distribute backdoors and exfiltrate sensitive data through seemingly innocuous image files.
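A defender-side check for the LSB technique mentioned above, as an added example that is not from the original article or the research it reports: a chi-square pairs-of-values test over decoded 8-bit samples (pixel or PCM values, not raw file bytes). The sample data, the function names and the 0.001 cut-off are assumptions made for the illustration.

```python
import math
import random
from collections import Counter

SUSPICIOUS_P = 0.001  # assumed cut-off; tune it on known-clean files

def lsb_pairs_test(samples):
    """Chi-square pairs-of-values test on decoded 8-bit samples.

    Replacing LSBs with random-looking payload bits pulls the counts of each
    value pair (2k, 2k+1) towards equality. Returns (stat, dof, p), where p is
    the chance of pair counts at least this uneven if the LSBs were random.
    """
    if not samples:
        raise ValueError("no samples")
    hist = Counter(samples)
    stat, dof = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd == 0:
            continue  # empty pairs carry no information
        stat += (even - odd) ** 2 / (even + odd)
        dof += 1
    # Wilson-Hilferty normal approximation to the chi-square upper tail
    spread = 2.0 / (9.0 * dof)
    z = ((stat / dof) ** (1.0 / 3.0) - (1.0 - spread)) / math.sqrt(spread)
    return stat, dof, 0.5 * math.erfc(z / math.sqrt(2.0))

def looks_lsb_replaced(samples):
    # p near 0 means clearly uneven pairs, i.e. no sign of full LSB replacement
    return lsb_pairs_test(samples)[2] > SUSPICIOUS_P

def constructed_cover(n=20000):
    # Constructed sample data: 100 value pairs, each with all counts on one member
    return bytes(2 * (i % 100) + (1 if i % 5 == 0 else 0) for i in range(n))

def constructed_stego(cover, seed=1234):
    # Constructed stand-in for a full-capacity embed of an encrypted payload
    rng = random.Random(seed)
    return bytes((v & 0xFE) | rng.getrandbits(1) for v in cover)

if __name__ == "__main__":
    cover = constructed_cover()
    for name, data in (("cover", cover), ("stego", constructed_stego(cover))):
        stat, dof, p = lsb_pairs_test(data)
        print(f"{name}: chi2={stat:.1f} dof={dof} p={p:.3g} "
              f"flagged={looks_lsb_replaced(data)}")
```

The test is strongest against full-capacity LSB replacement; partial or adaptive embedding needs windowed or more specialised analysis, and naturally noisy covers can produce false positives.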

BIETA’s research extends beyond JPEG images to encompass MP3 audio and MP4 video files as covert information channels.

The organization’s innovation trajectory suggests continuing advancement, including research into Generative Adversarial Networks (GANs) for steganographic applications presented at a 2019 steganography and artificial intelligence conference.

This analysis reveals a sophisticated network linking Chinese front companies, government ministries, and academic institutions in developing cutting-edge steganography capabilities for intelligence operations.

The scale of investment, personnel involvement, and breadth of research suggest steganography remains a strategic priority for Chinese cyber operations targeting foreign governments and private sector entities worldwide.
