# APT3 is Boyusec, a Chinese Intelligence Contractor

**[intrusiontruth.wordpress.com/2017/05/09/apt3-is-boyusec-a-chinese-intelligence-contractor/](https://intrusiontruth.wordpress.com/2017/05/09/apt3-is-boyusec-a-chinese-intelligence-contractor/)**

intrusiontruth May 9, 2017

In our last three posts we introduced you to APT3 and identified two individuals responsible
for purchasing their domain names – Wu Yingzhuo and Dong Hao. An IP addresses in
Guangdong, China was associated with some of the domains.

Both individuals have a long history of purchasing APT3 infrastructure. Who do they work for
and where do their orders come from?

**Boyusec**

Well, the answers to those questions are reasonably easy to find. Wu Yingzhuo (吴颖卓) and
Dong Hao (董浩) are both shareholders in the same company.

[This listing is for a](http://company.xizhi.com/GS570782da1f98cc03038b468b/) [Chinese cyber security firm called 博御信息 (or Boyusec – the Guangzhou](http://www.boyusec.com/)
Boyu Information Technology Company, Ltd) that was licensed in December 2013 and is
based in Guangdong. It lists both 吴颖卓 and 董浩 as major shareholders.


-----

Company listing showing 吴颖桌 and 董浩 as shareholders of Boyusec
**The Ministry of State Security**

On the 29th of November 2016, freebeacon.com reported that Pentagon intelligence officials
[had identified Boyusec as being a contractor for the Chinese Ministry of State Security](http://freebeacon.com/national-security/pentagon-links-chinese-cyber-security-firm-beijing-spy-service/)
(MSS). The MSS is one of China’s Intelligence Services and is an active player in their Cyber
programme.


-----

**The conclusion?**

Either a Chinese InfoSec company called Boyusec, known to be involved with Chinese
Intelligence Cyber operations, has two shareholders with the same names as two apparant
APT3 actors, or Boyusec is APT3.


-----