Monday, September 12, 2016

Formation of the Cyber Security Association of China
Early this year, the Chinese government established a new network security organization: the Cyber Security Association of China (CSAC). Established under the Cyberspace Administration of China, it was founded as a “non-profit social organization,” suggesting the Chinese view it as only semi-official. At its founding, a board of 13 was named under the leadership of Fang Binxing, former President of Beijing University of Posts and Telecommunications and known as the “Father of the Great Firewall of China,” the government’s online censorship system.

The leadership cadre consists of respected senior professionals in Chinese network security, drawn from major university positions and from key Chinese network security (Qihoo 360, Antiy Labs), e-commerce, and social media companies. Its makeup indicates this could be an important organization in Chinese cyberspace administration and international cooperation. Some members have extensive contact with hackers, and at least two have backgrounds in the PLA as defense civilians. Overall, however, this appears to be a cadre whose experience is in cyber defense rather than hacker operations.

Its first interaction outside China was a June 2016 letter to GitHub asking them to take down a posting that was objectionable to the Chinese leadership. This suggests that CSAC will be used to interact with the U.S. and other countries on network security issues at a level that the Chinese Government may consider semi-official. International businesses operating in mainland China will likely be impacted by the group’s recommendations or announcements involving international dialogue and information security policy recommendations.

This report details the personnel and backgrounds of those involved, and is provided for situational awareness.

Publication date: 2 September 2016

Handling requirements: Traffic light protocol (TLP) AMBER

Attribution/Threat Actors: Criminal / State Actors

Actor Type: Tier IV

Previous Reporting: DOC-1110, DOC-1624, DOC-2404, DOC-3952, DOC-1623

Industries Targeted: Foreign businesses in mainland China (low confidence)

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or

About Wapack Labs

Wapack Labs, located in New Boston, NH, is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert-level targeted intelligence analysis answering some of the hardest questions in Cyber. Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information. The intelligence derived from these tools and techniques serves as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.