China is luring job seekers to commit state-sponsored espionage

Chinese university students have been persuaded to work for a top-secret
technology business, concealing the fact that their real duties were
identifying potential Western targets for espionage and interpreting stolen
papers as part of Beijing’s massive intelligence apparatus. 140 possible
translators, mostly recent graduates who studied English at public colleges
in Hainan, Sichuan, and Xian, have been targeted.
On the sunny southern island of Hainan, there was a business called Hainan
Xiandun, and they had answered job postings there. Translation tests on
confidential papers collected from US government agencies were part of the
application process, as were directives to research people at Johns Hopkins
University, a major target for espionage gathering.
A 2021 US federal indictment claims that Hainan Xiandun served as a front
for the Chinese hacking organisation APT40. APT40 is said by Western
intelligence services to have been sent by China’s Ministry of State Security
to infiltrate colleges, businesses, and government organisations throughout
the US, Canada, Europe, and the Middle East.
Last July, the FBI attempted to halt Hainan Xiandun’s operations by indicting
three state security officers in the province of Hainan for their alleged roles
in creating the business as a front for state-backed espionage. These
officials are Ding Xiaoyang, Cheng Qingmin, and Zhu Yunmin. Wu Shurong,
another person included in the indictment, is thought to have been a hacker
who assisted in managing staff at Hainan Xiandun.
It appears that the Chinese graduates targeted by Hainan Xiandun were
unintentionally enticed into a career in espionage. On university websites,
the corporation posted job advertisements for translators without providing
any more information about the nature of the work. This might have longterm effects since those who are suspected of cooperating with the MSS
through their work for Hainan Xiandun may find it challenging to live and work
in western nations, which is a major incentive for many students to study
foreign languages.Zhang, an English language graduate who applied to
Hainan Xiandun, said that a recruiter had asked him to perform research on
the Johns Hopkins Applied Physics Laboratory in addition to his standard
translation duties. He was instructed to learn about the organisation,
including the CVs of the directors who sit on its board, the design of the
building, and specifics of the research contracts it has signed with clients.
The APL, a major beneficiary of US Department of Defense research
funding, is probably of considerable intelligence interest to Beijing, making
the employees there suitable candidates for hacking. Their job applications
provide light on APT40’s strategies, which include targeting maritime,
biomedical, and robotics research institutes as part of larger initiatives to
learn about Western industrial strategy and acquire private information.
A large workforce of English speakers who can help identify hacking targets,
cyber experts who can access enemies’ networks, and intelligence officials
who can analyse the stolen data are all necessary for such a large-scale
breach. The job seekers were instructed to download “software to go around
the Great Firewall” in the instruction manual. It forewarns that the research
will include visiting blocked websites like Facebook, which calls for the usage
of a VPN, or programme that hides the user’s location, in order to acquire
access.
The MSS has been criticised in the past for creating a “ecology of criminal
contract hackers” that take part in both state-sponsored operations and
financially motivated cybercrime, according to US Secretary of State Antony
Blinken. Blinken stated that the theft of intellectual property, extortion
payments, and failure of cyber defences caused these hackers to cost
businesses and governments “billions of dollars.”
A former FBI agent who most recently worked for a cyber security firm said
that he had never heard of western intelligence agencies using university
students without first obtaining security clearance to gather information. The
MSS operates on a very casual basis and enjoys grey zones, he claimed.
It’s intriguing to observe how much of the dirty labour that might have longterm effects is being performed by a young student workforce and how
probable it is that these potential hazards are not properly disclosed.
Hainan Xiandun appeared to have a tight association with Hainan University
and advertised job openings on university recruiting websites. The university
library’s first floor, which also houses the student computer area, was the
location of the company’s registration.
Even while the FBI claimed that the university helped the MSS find and
recruit hackers and linguists to “penetrate and steal” from computer
networks, it makes no mention of the university’s part in enlisting students to
the cause.
Michael Misumi, chief information officer of Johns Hopkins APL, responded
to the results by saying that the APL “must respond to multiple cyber threats
and takes adequate measures to continually defend itself and its systems”
like “many technological organisations.”