Chinese Front Companies Use Steganography for State-Sponsored Threats

Recent technical analysis has identified two Chinese technology firms, BIETA (formerly known as the Beijing Institute of Electronics Technology and Application) and CIII, as front companies linked to China’s Ministry of State Security (MSS). Tushar Subhra Dutta writes in Cyber Security News that both firms reputedly specialize in developing advanced steganography techniques.

Steganography enables cyber actors to conceal malicious payloads within ordinary digital media to support advanced persistent threat campaigns targeting networks.

BIETA is located adjacent to MSS headquarters in Beijing and maintains strong institutional connections with government agencies and universities, including the University of International Relations.

CIII, operating as Beijing Sanxin Times Technology Co., Ltd., presents as a state-owned enterprise while reportedly providing forensic and counterintelligence support.

Security researchers have documented that these organizations have committed significant resources to steganography research. This is reflected in BIETA’s publication record, which includes numerous papers focused on concealing data within images, audio, and video files. Both companies have also secured software copyrights for audiovisual conversion and forensic differentiation tools, further supporting their technical capabilities.

Investigations indicate that these front companies’ techniques have been applied in historical APT operations, including those by groups such as APT1, Mirage, Leviathan, and Pirate Panda. Those operations used Least Significant Bit steganography to embed backdoors into images and other media.

BIETA’s research has expanded to MP3 audio, MP4 video, and Generative Adversarial Networks, which suggests potential future use of AI-driven methods to generate undetectable carrier files.

Legal teams may need to consider the implications of such state-linked technical developments in the context of cross-border cybersecurity risk, regulatory compliance, and due diligence on technology suppliers.

The possibility of concealed data in images, audio, and video files underscores the importance of evaluating vendor affiliations. Advanced persistent threat techniques that evade traditional detection systems pose significant potential for litigation exposure.