The Chinese company that accused the NSA of hacking has global ambitions

Placeholder while loading article actions

For years, the US government and US cybersecurity firms have alleged that China was behind brazen hacks that stole treasure troves of sensitive documents.

Chinese government officials have denied the claims and repeatedly accused the United States of its own cyber espionage, without providing evidence.

That changed in February, when a well-connected Chinese cybersecurity firm went public with what it claimed was a US National Security Agency campaign targeting computers in 45 countries and regions, including China. US officials did not respond to requests for comment at the time.

The disclosure suggested a more aggressive public response from China to foreign hacking attempts. He also pointed to the growing influence of Qi An Xin Technology Group Inc., a Chinese technology company established in 2014 that aims to become a global cybersecurity giant.

The company, headquartered a 10-minute drive from the Forbidden City, has benefited from a three-year plan, unveiled last year, to expand China’s cybersecurity industry to over 250 billion yuan. ($39.3 billion) by 2023 by increasing investments in the sector and streamlining regulations.

Qi An Xin was assigned to manage cybersecurity in Tiananmen Square for the 70th anniversary of the Chinese Communist Party’s rule, and he oversaw network security for the Beijing Winter Games. In December, the Beijing city government selected Qi An Xin as one of 20 “invisible champions”, a designation given to companies that develop technologies critical to China’s national strategy.

“Their talent is, without a doubt, the top 10 in the world, as far as business goes,” said Dakota Cary, China cyber capabilities consultant at Krebs Stamos Group. “When there is a problem at the provincial level or even at the central level, when the government needs a response team, it seems that Qi An Xin is the person to contact.”

A representative of Qi An Xin declined to comment on this story.

China’s cyber industry accounts for less than 7% of the global market, compared to about 40% in the United States, according to a study last year by the International Institute for Strategic Studies.

Chinese cybersecurity firms have struggled to expand their business in the private commercial market due to low awareness of the risks of cyberattacks, especially among the small and medium-sized business community, Cary and two other experts said. in cybersecurity. Public reports of threats or attacks are rare, so investing in cyber is not considered a critical business cost, according to several analysts with knowledge of China’s cyber industry.

This lack of demand for cyber protection among businesses and individuals partly explains Qi An Xin’s reliance on state clientele, Cary said. Its contracts with government, public security agencies and military customers accounted for 52% of its revenue in 2019, according to research firm Dongguan Securities.

Overall, Qi An Xin brought in 5.81 billion yuan ($871 million) in revenue in 2021, lagging some of the biggest Western cybersecurity companies. Palo Alto Networks Inc., for example, posted revenue of $4.3 billion in its 2021 fiscal year.

But the company has ambitions to compete globally with US cybersecurity firms and others in the West. Founder Qi Xiangdong told reporters that he wants Qi An Xin to “come out into the world” this year.

According to a report by Avic Securities, the company has operations outside of the Chinese mainland, including providing cybersecurity services for the overseas operations of Chinese companies and banks in places such as China. Southeast Asia, the Middle East and Africa.

It also holds contracts to provide cybersecurity infrastructure to governments, including those in Indonesia, Algeria, Angola and Ethiopia, according to Avic analysts.

China’s cyber industry is still primarily compliance-driven, so its security products are designed to meet domestic regulatory requirements that may conflict with needs outside the country, said Vivien Pua, an analyst at security industry at market research firm Frost & Sullivan.

In addition, trust is harder to build for Chinese companies such as Qi An Xin in Western countries, said Niko Yang, senior analyst at Beijing-based investment research firm EqualOcean. Qi An Xin’s ties to the government may complicate any attempt to appear independent to potential customers overseas, a concern faced by many China-linked cyber services.

“For this kind of critical infrastructure, it’s difficult for countries to be willing to completely hand things over to others,” he said. “It’s the same in China’s domestic cybersecurity – they won’t ask foreign companies to do the most critical security tasks either.”

These close links with the government are indisputable.

Its founder, Qi Xiangdong, 57, worked for 17 years at Xinhua, the national media agency, where he rose to the position of deputy in the communications technology office. He is also a delegate to a political advisory body of the Beijing city government.

The company’s chairman, Wu Yunkun, is vice-chairman of a working committee of the China Association of the Ministry of Information, which is overseen by the Ministry of Civil Affairs. Vice President Yang Hongpeng, was also previously in Xinhua’s communications department. Board members Meng Yan, Xu Jianjun, and Zhao Bingdi have held state-related positions in finance and technology.

In February, a Qi An Xin security team called Pangu Labs – known in China for exploiting vulnerabilities to access Apple Inc.’s iOS systems – released a report saying they had found malware in computer systems. nationals which she claimed were created by a hacking group called “Equation”. This group is “generally believed” to be linked to the NSA, according to the researchers.

Malware was allegedly discovered within an unnamed Chinese agency in 2013 and 2015, which Pangu Labs said was part of a 10-year campaign that infiltrated key institutions around the world, according to the report, which was covered by the Communist Party-backed Global Times. .

The alleged spy campaign took place in 2013 and information about the malware had previously surfaced in leaks from former NSA contractor Edward Snowden, meaning other hacking groups are believed to have also could access the code. However, the details of the hack were perhaps less important than the fact that they were published, according to Cary of the Krebs Stamos group.

“There is something about the relationship between Qi An Xin and the government that allowed them to publish something like this,” he said. “That’s part of the reason why they have so many contracts.”

Pangu Labs previously told Bloomberg News that it waited nearly a decade to release details about the hack because it was analyzing the data in question.

Chinese cybersecurity firms have rarely directly shared details of foreign attacks.

In March 2020, Qihoo 360 Technology Co. Ltd., which was co-founded by Qi, blamed a group suspected of being associated with the CIA for alleged hacks against China. The US government has added Qihoo 360 to its entity list for national security reasons.

State-owned China Electronics Corporation bought a 23% stake in Qi An Xin in 2019, replacing Qihoo 360 as the second largest shareholder behind Qi Xiangdong.

Although the NSA’s exit could make Qi An Xin even more expensive for the Chinese government, it could complicate its expansion efforts in the West. The same goes for U.S. restrictions on some Chinese tech companies and China’s reluctance to integrate into the global talent pool, said Greg Austin, IISS senior researcher for cyber, space, and technology. future conflicts.

More stories like this are available at bloomberg.com

Back To Top