Chinese Ministry of State Security

China's Ministry of State Security (MSS) on Thursday disclosed several cases of leaks involving industrial and supply chains, which included insider leaks in semiconductor technology, data theft, and the covert extraction of critical mineral information. The ministry warned that the security of industrial and supply chains is vital to national economic security and high-quality development and called for the establishment of a scientific and efficient protection system, CCTV News reported.

 

According to a statement published by the MSS on its official WeChat account, a foreign non-ferrous metals company used its Chinese employee, surnamed Ye, to bribe the deputy general manager of a domestic rare-earth company, surnamed Cheng. Driven by personal gain, Cheng violated regulations and illegally provided seven items of classified state secrets to the foreign side, including information on China's rare-earth reserve categories, quantities, and prices. Both Ye and Cheng were punished in accordance with the law.

 

Another case involved a former engineer at a domestic semiconductor company surnamed Zhang, who allegedly breached his confidentiality obligations after leaving the firm and illegally provided core production processes and other trade secrets to a foreign organization, according to the MSS statement.

 

A third case described a domestic company that used technical means to embed itself into an e-commerce platform's system, stealing more than one million business data records per day and illegally earning tens of millions of yuan in profits.

 

According to the MSS, all of the individuals involved in these cases were severely punished in accordance with the law.

 

In its statement, the MSS said that the development of resources, technological progress and the flow of data are deeply embedded in the underlying networks of industrial and supply chains. It warned that the security of these chains is closely tied to national economic security and high-quality development.

 

The ministry said foreign espionage and intelligence agencies have in recent years stepped up covert, specialized and systematic efforts to infiltrate, disrupt and steal sensitive information from China's industrial and supply chains, posing a serious threat to the country's economic, technological and data security, according to the MSS statement.

 

Given the increasingly severe and complex security environment, the MSS said that addressing isolated vulnerabilities or responding only after incidents occur is no longer enough. The MSS suggested building a scientific and efficient protection system.

 

The ministry urges stricter management of hardware, including tighter control over access to chips, servers and industrial control devices, stronger supplier vetting and traceability, and thorough inspections to remove equipment posing security risks. It also calls for mechanisms to dynamically manage supplier access and prevent malicious actors from planting surveillance devices or pre-installed malicious or espionage-related firmware.

 

It also stresses stricter software management, including stronger oversight of software, open-source components and cloud services, along with code audits and vulnerability checks to prevent malicious code and backdoors.

For sensitive data, core technologies and trade secrets, the MSS calls for full lifecycle management, least-privilege access, end-to-end encryption and cross-border data security assessments to prevent theft, tampering or illegal transfer overseas.

 

On personnel management, the ministry said companies should clearly assign counter-espionage responsibilities, conduct background checks and confidentiality training for staff in key positions, and prohibit handling classified information on non-classified devices. It also urged tighter regulation of foreign-related cooperation, outsourcing and subcontracting to prevent foreign intelligence agencies from exploiting inducements or recruitment to obtain sensitive information.

 

Global Times