Jiangsu State Security Department


The Jiangsu State Security Department is the provincial bureau of the Chinese Ministry of State Security in Jiangsu, which serves as the coastal province's intelligence service and secret police.
It is extensively involved in espionage against the United States and in aviation-related industrial espionage, operating the advanced persistent threat TURBINE PANDA, also known as APT26. It is best known for its alleged responsibility for the high-profile 2015 hack of the United States Office of Personnel Management, in which the personal details of over 20 million U.S. federal civil servants were stolen.
The department is headquartered in Gulou, Nanjing, west of the Jiming Temple, though it maintains locations throughout the province.

History

The Jiangsu SSD was established from the Jiangsu Investigation Department in September 1983. Only in January 1984 were public security personnel transferred into the SSD. The first Jiangsu SSD head, Qiu Lu, had been a deputy head of the provincial public security department. At least two of the original Jiangsu SSD deputy heads, Zhou Xiaoliang 周效良 and Hua Hengshuan 花恒栓, came from the Jiangsu Investigation Department.
An official history states that the Jiangsu Public Security Department, ‘in accordance with the Central Committee’s relevant regulations’, transferred the entirety of its Technology Division and Science and Technology Division, and three sections of its Political Protection Division, to the Jiangsu SSD in January 1984. The Public Security Department's Science and Technology Division was established in April 1979 with a staff of 75, and was outwardly known as the Jiangsu Province Public Security Science and Technology Research Institute. This institute is now known as the Nanjing Institute of Information Technology or the Nanjing 841 Research Institute, and may be directly subordinate to the MSS rather than the Jiangsu SSD.

Operations

Hack of the US Office of Personnel Management

In 2015, hackers working on behalf of the Jiangsu SSD obtained access to 22.1 million SF-86 records of US federal employees, contractors, and their friends and family. Representing one of the largest breaches of government data in U.S. history, information that was obtained and exfiltrated in the breach included personally identifiable information such as Social Security numbers, as well as names, dates and places of birth, and addresses.

Espionage against the United States military

In 2013, Jì Chāoqún, a Chinese graduate student studying in the United States, was recruited by officials from the JSSD and agreed to "dedicate the rest of his life to national security." He graduated from Illinois Institute of Technology in 2015 and enlisted as an E-4 in the United States Army Reserve through the Military Accessions Vital to the National Interest program the following year. In response to a security clearance investigation at the time of his enlistment, Ji falsely claimed to have had no close contact with officials of any foreign government in the prior seven years. In 2018, Ji met with individuals he believed were with the MSS, but were in fact undercover agents of the US Federal Bureau of Investigation. During these meetings, Ji said he could leverage his military credentials to take photos on board the destroyer USS Roosevelt, and that he would seek work in cybersecurity at the CIA, FBI or NASA, in order to gain greater access to databases of classified information. He was arrested later in 2018. Following a trial in 2022, Ji was convicted on one count each of acting as an agent of China without registering under the Foreign Agents Registration Act as required, conspiracy to wit, and making false statements to the US Army. In early 2023, Ji was sentenced to eight years in prison by the United States District Court for the Northern District of Illinois in Chicago. Ji appealed his conviction and sentence, and his appeal was denied in July 2024.

Industrial espionage in the aviation sector

In 2017, an engineer at GE Aviation in Cincinnati was contacted by officials from the Jiangsu SSD through LinkedIn, and convinced to give a presentation to officials ostensibly from Nanjing University of Aeronautics and Astronautics. After being identified by the FBI and GE security, he was forced to take part in an offensive counterintelligence operation run by the FBI. After the engineer reengaged his Chinese acquaintance at the behest of the FBI, search warrants of the email address the man used revealed him to be Xu Yanjun, a deputy division director of the Sixth Bureau of the JSSD with nearly 20 years' experience. Soon after, Xu asked the engineer to obtain details on the composite materials used in the structure of the Lockheed Martin F-22 Raptor.
Xu was ultimately arrested in a sting operation in Belgium arranged by the FBI. After his devices were examined, an iCloud account revealed that the JSSD was engaged in cyberespionage against global aerospace conglomerates Honeywell and Safran, and California-based gas turbine manufacturer Capstone Turbine. The companies were contractors for the first indigenous Chinese commercial aircraft, the COMAC C919, and the information revealed that China was working to steal the data necessary to cut the vendors out of the supply chain. At a discussion at the Center for Strategic and International Studies, Sinologist Peter Mattis said the Nanjing Institute of Information Technology was the eventual customer for the stolen technology, and played a key role in setting the intelligence requirements for the JSSD's collection efforts.