NK Hackers are Robbing Banks Around the World

Primer:

North Korea’s Foreign Ministry on Saturday called the United States a “mastermind of cybercrime” as it responded to a report detailing Pyongyang’s efforts to hack banks.

In an English-language statement posted on the ministry’s website, a spokesperson for the country’s “National Coordination Committee for Anti-Money Laundering and Countering the Financing of Terrorism” denied the regime’s link to any online criminal activities, claiming there was no truth to the “preposterous rumors” circulated by the United States.

The U.S. Treasury Department and three federal agencies including the FBI said in an alert issued Wednesday that hackers attempted to initiate fraudulent money transfers and ATM “cash-outs” from multiple countries that appeared to be part of the North’s “extensive, global cyber-enabled bank robbery scheme.” More here.


The BeagleBoyz have made off with nearly $2 billion since 2015, and they’re back to attacking financial institutions after a short lull in activity.

The BeagleBoyz, part of the North Korean government’s hacking apparatus, are back to targeting banks around the world after a brief pause in activity.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an alert with details of how the BeagleBoyz have made off with an estimated $2 billion in fiat and cryptocurrency since 2015, along with details on how financial institutions can protect themselves against their known patterns of attack.

Along with the theft of massive amounts of money that the United Nations believes is used for North Korea’s nuclear weapons and ballistic missile programs, the robberies also pose a serious risk to financial institutions’ reputations, their operations, and public confidence in banking, CISA said.

The BeagleBoyz aren’t typical cybercriminals either: They conduct “well-planned, disciplined, and methodical cyber operations more akin to careful espionage activities,” CISA warns. “Over time, their operations have become increasingly complex and destructive. The tools and implants employed by this group are consistently complex and demonstrate a strong focus on effectiveness and operational security.”

The group has used a variety of approaches to gain initial access: spear phishing, watering holes, social engineering, malicious files, and even contracted third-party hacking groups.

Once inside a network, the BeagleBoyz have again used a wide variety of approaches to meet their objectives, establish a persistent presence, evade defense, and harvest credentials of privileged users.

CISA said that the BeagleBoyz appear to seek out two particular systems in a financial institution’s network: its SWIFT terminal and the server hosting the bank’s payment switch application. They map networks using locally available administrative tools, deploy a constantly evolving set of command and control software, and ultimately try to make off with whatever money they can via fraudulent ATM cash-outs.

“After gaining access to either one or both of these operationally critical systems, the BeagleBoyz monitor the systems to learn about their configurations and legitimate use patterns, and then they deploy bespoke tools to facilitate illicit monetization,” CISA said.

It isn’t known if the BeagleBoyz have successfully targeted a US-based financial institution, and CISA’s report suggests they’ve been active primarily in other parts of the world. That doesn’t mean they won’t attempt to break into a US-based bank: Everyone in the cybersecurity arm of the financial industry should be alert.

Protecting against the BeagleBoyz

CISA makes the following mitigation suggestions based on the type of institution:

All financial institutions:

  • Enforce strong password policies
  • Keep all systems up to date
  • Disable unnecessary services on workstations
  • Scan documents and emails for potential malicious code
  • Stay up to date on the latest threats

Institutions with retail payment systems:

  • Require chip and PIN for all transactions
  • Isolate payment system infrastructure behind multiple authentication factors
  • Segment networks into separate, secure enclaves
  • Encrypt all data in transit
  • Monitor networks for anomalous behavior

Institutions with ATMs or point-of-sale devices:

  • Validate issuer responses to financial request messages
  • Implement chip and PIN for debit transactions
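Two of the retail-payment mitigations above, validating issuer responses to request messages and monitoring for anomalous behavior, are easier to reason about with code in front of you. The Python below is an example added to this digest, not code from CISA or the alert. It assumes ISO 8583-style authorization messages (data elements 2, 4, 11, 39 and 41 plus an MTI), an HMAC that the issuer host computes with a key shared with the payment switch, and sample traffic that is entirely constructed here.

```python
"""Added example (written for this digest, not from the CISA alert): a small
monitor for 'validate issuer responses to financial request messages' and
'monitor for anomalous behavior', run over constructed ISO 8583-style traffic.

Assumptions, none of which come from the alert: messages are dicts keyed by
ISO 8583 data-element number (2 = PAN, 4 = amount, 11 = STAN, 39 = response
code, 41 = terminal ID) plus 'mti' (0200 request, 0210 response); the issuer
host MACs each response with a key shared with the switch; '00' is approved.
A cash-out needs approvals the issuer never granted, so every 0210 must match
an outstanding 0200 and carry a valid issuer MAC, and one card approved at many
terminals in a short window is flagged even if each approval looks valid.
"""
import hashlib
import hmac
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

Msg = Dict[str, str]

# Demonstration key; in practice the switch/issuer MAC key lives in an HSM.
ISSUER_MAC_KEY = b"demo-issuer-host-key"
MAC_FIELDS = ("mti", "2", "4", "11", "39", "41")


def message_mac(msg: Msg, key: bytes = ISSUER_MAC_KEY) -> str:
    """HMAC-SHA256 over the fields a forger would need to alter."""
    payload = "|".join(msg.get(f, "") for f in MAC_FIELDS).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def sign_response(msg: Msg, key: bytes = ISSUER_MAC_KEY) -> Msg:
    """What the legitimate issuer host does before returning a 0210."""
    signed = dict(msg)
    signed["mac"] = message_mac(signed, key)
    return signed


def validate_responses(requests: List[Msg], responses: List[Msg],
                       key: bytes = ISSUER_MAC_KEY) -> List[Tuple[Tuple[str, str], str]]:
    """Return ((STAN, terminal), reason) for every 0210 that must not be trusted."""
    pending = {(r["11"], r["41"]): r for r in requests if r.get("mti") == "0200"}
    findings = []
    for resp in responses:
        if resp.get("mti") != "0210":
            continue
        key_id = (resp.get("11", ""), resp.get("41", ""))
        req = pending.pop(key_id, None)
        if req is None:
            # Nothing was forwarded for this STAN/terminal, or it was already answered.
            findings.append((key_id, "orphan or duplicate response: no outstanding request"))
            continue
        if not hmac.compare_digest(resp.get("mac", ""), message_mac(resp, key)):
            findings.append((key_id, "MAC invalid: response was not produced by the issuer host"))
        if resp.get("2") != req.get("2") or resp.get("4") != req.get("4"):
            findings.append((key_id, "PAN or amount differs from the forwarded request"))
    return findings


def cashout_bursts(approvals: List[Dict], window: timedelta = timedelta(minutes=10),
                   max_terminals: int = 3) -> Dict[str, int]:
    """PAN -> distinct terminal count for cards approved at more than
    max_terminals terminals inside any window-sized interval."""
    by_pan = defaultdict(list)
    for a in approvals:
        by_pan[a["2"]].append((a["ts"], a["41"]))
    flagged = {}
    for pan, events in by_pan.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            terminals = {term for t, term in events[i:] if t - t0 <= window}
            if len(terminals) > max_terminals:
                flagged[pan] = len(terminals)
                break
    return flagged


def demo_traffic():
    """Constructed sample traffic: one honest decline, one forged approval, one orphan."""
    pan, amt = "4111111111111111", "000000020000"
    requests = [
        {"mti": "0200", "2": pan, "4": amt, "11": "000101", "41": "ATM00001"},
        {"mti": "0200", "2": pan, "4": amt, "11": "000102", "41": "ATM00002"},
    ]
    responses = [
        sign_response({"mti": "0210", "2": pan, "4": amt, "11": "000101", "39": "05", "41": "ATM00001"}),
        # Injected on the switch: approves without reaching the issuer, so no valid MAC.
        {"mti": "0210", "2": pan, "4": amt, "11": "000102", "39": "00", "41": "ATM00002", "mac": "00" * 32},
        sign_response({"mti": "0210", "2": pan, "4": amt, "11": "000999", "39": "00", "41": "ATM00009"}),
    ]
    t = datetime(2020, 8, 29, 2, 0)
    approvals = [{"2": pan, "41": f"ATM0000{i}", "ts": t + timedelta(minutes=i)} for i in range(1, 6)]
    approvals += [{"2": "5500000000000004", "41": "ATM00001", "ts": t},
                  {"2": "5500000000000004", "41": "ATM00002", "ts": t + timedelta(minutes=3)}]
    return requests, responses, approvals


if __name__ == "__main__":
    reqs, resps, appr = demo_traffic()
    for key_id, reason in validate_responses(reqs, resps):
        print("REJECT", key_id, reason)
    print("cash-out suspects:", cashout_bursts(appr))
```

The forged approval injected on the switch fails the MAC check because only the issuer host holds the key; the response with no outstanding request is rejected outright; and the burst check catches the shape of a cash-out, one card approved at five ATMs inside a few minutes, which no single-message check would see.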


SecState Pompeo to UNSC to Invoke Iran Snapback Sanctions

President Trump confirmed on Wednesday that he had asked Secretary of State Mike Pompeo to notify the UN Security Council that the U.S. intends to initiate “snapback” sanctions on Iran. The formal request is expected on Thursday, Israeli officials told Axios.

The backdrop: This move could create a diplomatic and legal crisis unlike any seen before at the Security Council. It comes days after the U.S. failed to mobilize support at the council to extend an international arms embargo on Iran.

The big picture: Despite having withdrawn from the 2015 Iran nuclear deal, the U.S. is invoking its terms in an attempt to force sanctions lifted under the pact to snap back into place.

  • The deal says any of the signatories — the U.S., Russia, China, France, Germany and the U.K. — can demand sanctions be reimposed automatically if they believe Iran has committed substantial violations. No country can veto such a move.
  • Russia and China contend that the U.S. gave up its right to reimpose the sanctions when it withdrew from the deal. That view is shared by others on the council, and even by John Bolton, the hawkish former national security adviser.
  • The U.S., on the other hand, claims it has the right to initiate the snapback mechanism because it is a party to the Security Council resolution that endorsed the nuclear deal and included the snapback mechanism.
  • The European signatories, who have tried desperately to save the nuclear deal, also oppose the U.S. move.

How it works: Pompeo is expected to arrive in New York on Thursday and present formal letters to the UN secretary-general and the UN ambassador from Indonesia, who holds the Security Council’s rotating presidency.

  • The letter will then be circulated to other members, beginning a 30-day consultation period.

What to watch: Israeli officials and Western diplomats both say they expect a major diplomatic crisis over those 30 days.

  • If any member of the Security Council submits a resolution to stop the snapback move, the U.S. will be able to veto it.
  • U.S. officials believe that the renewal of international sanctions will lead Iran to withdraw from the nuclear deal — and likely make it impossible for Democratic nominee Joe Biden to put the deal back together if he wins in November.
  • Israeli officials were notified on Monday that the Trump administration intended to submit the official complaint on Thursday.

The latest: “When the United States entered into the Iran deal, it was clear that the United States would always have the right to restore the UN sanctions that would prevent Iran from developing a nuclear weapon,” Trump claimed in a press conference on Wednesday.

*** UN crisis looms as US readies demand for Iran sanctions ...

For background and context:

In May of 2020 –

State Dept: The 13-year-old arms embargo on the Iranian regime will expire in October. The embargo was created by the United Nations Security Council but is scheduled to end because of the 2015 Iran nuclear deal, leaving the world’s foremost state sponsor of terrorism and anti-Semitism free to import and export combat aircraft, warships, submarines and guided missiles. To prevent this, the Security Council must pass a resolution to extend the arms embargo. If this effort is defeated by a veto, the Trump administration is prepared to exercise all legally available options to extend the embargo.

We face this circumstance because the Obama administration acceded to Iran’s demand that the U.N. embargo end in the fifth year of the deal. It is only one of many restrictions on Iran scheduled to expire over time. President Obama hoped concessions would moderate the regime’s behavior. “Ideally,” he said in 2015, “we would see a situation in which Iran, seeing sanctions reduced, would start . . . re-entering the world community [and] lessening its provocative activities.”

Instead, Iranian provocations accelerated under the nuclear deal. Emboldened by repeated diplomatic wins and flush with cash, the Iranian regime increased its ballistic-missile testing and missile proliferation to terrorist proxies. Iran built out a “Shiite crescent” in Syria, Iraq, Lebanon, Bahrain and Yemen, arming its proxies to the teeth.

The U.S. and partners have used the arms embargo to disrupt Iran’s sending advanced weaponry to terrorists and militants. This diplomatic tool has rallied the international community to interdict and inspect weapons shipments, building global condemnation of Iranian violations.

Among many examples, on Feb. 9, a U.S. Navy ship interdicted a ship attempting to smuggle Iranian weapons to Houthi rebels in Yemen. American sailors found 150 antitank guided missiles, three surface-to-air missiles, and component parts for unmanned explosive boats.

Iran’s President Hassan Rouhani sees a bright future when the embargo lapses. In November 2019, he said: “When the embargo . . . is lifted next year, we can easily buy and sell weapons.” He went on to hail the provision as a “huge political success” for Iran.


The regime plans to upgrade Iran’s aging air force, improve the accuracy of its missiles, and strengthen its ability to strike ships and shoot down aircraft. Iran’s Islamic Revolutionary Guard Corps—a terrorist group with a long history of targeting and killing Americans—could then reverse-engineer technologies in these systems for domestic weapons production and export.

Iranian weapons already put American and allied troops in the region under threat and endanger Israel. Letting the arms embargo expire would make it considerably easier for Iran to ship weapons to its allies in Syria, Hamas in Gaza, and Shiite militias in Iraq.

Mr. Rouhani understands the stakes. Last week he appeared on Iranian television to declare that “Iran will give a crushing response if the arms embargo on Tehran is extended.” This threat is designed to intimidate nations into accepting Iran’s usual violent behavior for fear of something worse.

The Security Council must reject Mr. Rouhani’s extortion. The U.S. will press ahead with diplomacy and build support to extend the embargo. We have drafted a resolution and hope it will pass. Russia’s and China’s interests would be served by a “yes” vote—they have more to gain from Mideast stability than from selling weapons to Iran for its sectarian wars.

If American diplomacy is frustrated by a veto, however, the U.S. retains the right to renew the arms embargo by other means. Security Council Resolution 2231 (2015) lifted most U.N. sanctions but also created a legal mechanism for exclusive use by certain nations to snap sanctions back. The arms embargo is one of these sanctions.

Mr. Obama explained how “snapback” works in 2015: “If Iran violates the agreement over the next decade, all of the sanctions can snap back into place. We won’t need the support of other members of the U.N. Security Council; America can trigger snapback on our own.” As of today, Iran has violated the nuclear deal at least five times.

The Trump administration’s preferred strategy is for the Security Council to extend the arms embargo while the U.S. continues to apply maximum economic pressure and maintains deterrence against Iranian aggression. Nearly 400 House members, an overwhelming bipartisan majority, have signed a letter backing Secretary of State Mike Pompeo’s diplomacy to extend the arms embargo. Iran certainly hasn’t earned the right to have it lifted. One way or another, the U.S. will ensure it remains in place against the violent and revolutionary regime in Tehran.

Hat tip to NSA FBI for Cracking Drovorub

The National Security Agency and the FBI are jointly exposing malware that they say Russian military hackers use in cyber-espionage operations.

Hackers working for Russia’s General Staff Main Intelligence Directorate’s 85th Main Special Service Center, military unit 26165, use the malware, which the Russians themselves call “Drovorub,” to target Linux systems, the NSA and FBI said Thursday in a detailed report.

The hackers, also known as APT28 or Fancy Bear, allegedly hacked the Democratic National Committee in 2016 and frequently target defense, government, and aerospace entities. The Russian military agency is also known as the GRU.


While the alert does not include specific details about Drovorub victims, U.S. officials did say they published the alert Thursday to raise awareness about state-sponsored Russian hacking and possible defense sector vulnerabilities. The disclosure comes just months before American voters will conduct a presidential election.

“Information in this Cybersecurity Advisory is being disclosed publicly to assist National Security System owners and the public to counter the capabilities of the GRU, an organization which continues to threaten the United States and U.S. allies as part of its rogue behavior, including their interference in the 2016 U.S. Presidential Election,” the NSA and FBI said in the report.

The U.S. intelligence community has assessed that multiple foreign governments may “seek to compromise our election infrastructure.” It was not clear if the Russian hackers were using Drovorub malware in any ongoing interference efforts related to the 2020 presidential elections.

The NSA and FBI urged national security personnel, including the U.S. Department of Defense, to be on the alert for Drovorub attacks.

“The malware represents a threat because Linux systems are used pervasively throughout National Security Systems, Department of Defense, and the Defense Industrial Base,” the statement said. “All stakeholders should take action as appropriate.”

The announcement comes nearly one year after the NSA stood up a new cybersecurity directorate aimed at sharing more adversary threat intelligence with the public, and in recent weeks the NSA has worked to expose a spate of Russian campaigns, including Russian hackers’ efforts to target coronavirus research.

Senior Vice President of Intelligence at CrowdStrike, Adam Meyers, told CyberScoop the release shows these hackers are not easily deterred.

“Most importantly it demonstrates that FANCY BEAR has more tools and capabilities that are still being identified. This actor didn’t pack up and go home, they still have tricks up their sleeve,” Meyers told CyberScoop, adding that the news should raise alarm bells about Linux security. “Another important take away is that Linux is an area that organizations need to keep in mind from a malware perspective, many have not invested in similar security tools for this platform as they have for user platforms.”

Attacks employing Drovorub may be linked with previous Russian military efforts against connected devices, according to the NSA and the FBI. An APT28 attack that Microsoft security researchers identified last year against devices such as an office printer or a VOIP phone, for instance, was linked with an IP address that has also been used to access the Drovorub command and control IP address, the NSA and FBI said.

In such attacks, the hackers appeared interested in exploiting so-called internet of things devices in order to gain access to broader networks, other insecure accounts, and sensitive data, according to Microsoft.

The joint NSA and FBI release also has the effect of alerting the Russian government that U.S. officials are capable of tracking some of their work. The 780th Military Intelligence Brigade, which currently works with the Pentagon’s offensive cyber arm, Cyber Command, tweeted information out about the malware, and tagged a state-funded media outlet, RT, to flag the news for them.

The Drovorub malware consists of several components, the NSA and the FBI said: an implant (client), a kernel module rootkit, a file transfer tool, and an attacker-controlled command and control server.

“When deployed on a victim machine, the Drovorub implant (client) provides the capability for direct communications with actor-controlled C2 infrastructure; file download and upload capabilities; execution of arbitrary commands as ‘root’; and port forwarding of network traffic to other hosts on the network,” the NSA and FBI said.

More detail for zdnet:

“Technical details released today by the NSA and FBI on APT28’s Drovorub toolset are highly valuable to cyber defenders across the United States.”

To keep the rootkit from loading, the agencies recommend that US organizations update any Linux system to kernel version 3.7 or later “in order to take full advantage of kernel signing enforcement”: with module signature enforcement active, the kernel refuses to load an unsigned module such as Drovorub’s, and the advisory adds UEFI Secure Boot in full enforcement mode so that an attacker who already has root cannot simply reboot into a kernel that does not enforce it. Kernel version alone is not the control: the kernel must be built with CONFIG_MODULE_SIG_FORCE or booted with module.sig_enforce=1; otherwise an unsigned module still loads and merely taints the kernel.

The joint security alert [PDF] contains guidance for running Volatility, probing for file hiding behavior, Snort rules, and Yara rules — all helpful for deploying proper detection measures.

Some interesting details we gathered from the 45-page-long security alert:

  • The name Drovorub is the name that APT28 uses for the malware, and not one assigned by the NSA or FBI.
  • The name comes from drovo [дрово], which translates to “firewood”, or “wood” and rub [руб], which translates to “to fell”, or “to chop.”
  • The FBI and NSA said they were able to link Drovorub to APT28 after the Russian hackers reused servers across different operations. For example, the two agencies claim Drovorub connected to a C&C server that was previously used in the past for APT28 operations targeting IoT devices in the spring of 2019. The IP address had been previously documented by Microsoft.
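Two of the checks the advisory points at, whether module signing is actually enforced and whether something is hiding processes from /proc, are simple enough to script. The Python below is an example added to this digest, not code from the NSA/FBI advisory or from ZDNet; the config and sysfs paths and the PID range are assumptions about a typical distribution kernel, and the process check is a generic rootkit test rather than a Drovorub-specific signature.

```python
"""Added example written for this digest (not code from the NSA/FBI advisory):
two host checks a Linux defender can script against a kernel-module rootkit
like the one described above.

1. Module signature enforcement.  An unsigned module is refused only when the
   kernel was built with CONFIG_MODULE_SIG_FORCE=y or booted with
   module.sig_enforce=1 (exposed in sysfs).  A 3.7+ kernel with CONFIG_MODULE_SIG=y
   but without FORCE still loads the module and merely taints the kernel.
2. Hidden processes.  A rootkit that filters the /proc directory listing still
   has to answer kill(pid, 0) for the real PID, so the two views can be diffed.
   kill() also answers for thread IDs, so threads are collected too or every
   multithreaded process would look like a hidden one.

The config and sysfs paths and the PID range are assumptions about a typical
distribution kernel.
"""
import gzip
import os
import platform
import re
from typing import Callable, Dict, Iterable, Set

# Assumed locations of the running kernel's build config (distribution dependent).
CONFIG_PATHS = ("/proc/config.gz", "/boot/config-" + platform.release())
SIG_ENFORCE_SYSFS = "/sys/module/module/parameters/sig_enforce"

_CFG_LINE = re.compile(r"^(CONFIG_MODULE_SIG(?:_FORCE|_ALL)?)=(y|n|m)$", re.M)


def parse_module_sig_config(config_text: str) -> Dict[str, bool]:
    """Map the module-signing options to True/False; a missing or '# ... is not set' line is False."""
    opts = {"CONFIG_MODULE_SIG": False, "CONFIG_MODULE_SIG_FORCE": False,
            "CONFIG_MODULE_SIG_ALL": False}
    for name, value in _CFG_LINE.findall(config_text):
        opts[name] = value == "y"
    return opts


def module_signing_enforced(config_text: str, sig_enforce_param: str = "N") -> bool:
    """True only if the kernel will refuse to load an unsigned module.

    sig_enforce_param is the current value of module.sig_enforce read from sysfs
    ('Y' or 'N'); with CONFIG_MODULE_SIG_FORCE it is locked to Y, and a Y set on
    the boot command line enforces just as well without FORCE.
    """
    opts = parse_module_sig_config(config_text)
    if not opts["CONFIG_MODULE_SIG"]:
        return False  # signatures are never even checked
    return opts["CONFIG_MODULE_SIG_FORCE"] or sig_enforce_param.strip().upper() == "Y"


def read_live_kernel_config() -> str:
    """Best-effort read of the running kernel's config; '' if neither path is readable."""
    for path in CONFIG_PATHS:
        try:
            opener = gzip.open if path.endswith(".gz") else open
            with opener(path, "rt") as f:
                return f.read()
        except OSError:
            continue
    return ""


def read_sig_enforce_param() -> str:
    try:
        with open(SIG_ENFORCE_SYSFS) as f:
            return f.read().strip()
    except OSError:
        return "N"  # parameter absent: kernel built without CONFIG_MODULE_SIG


def pid_alive(pid: int) -> bool:
    """kill(pid, 0) delivers nothing: ESRCH means no such PID, EPERM means it exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True


def hidden_pids(listed: Set[int], alive: Callable[[int], bool],
                pid_range: Iterable[int]) -> Set[int]:
    """IDs the kernel admits exist but that were absent from the /proc listing."""
    return {pid for pid in pid_range if pid not in listed and alive(pid)}


def proc_listed_ids() -> Set[int]:
    """All PIDs and thread IDs visible through /proc."""
    ids = set()
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        ids.add(int(name))
        try:
            ids.update(int(t) for t in os.listdir(f"/proc/{name}/task"))
        except OSError:
            pass  # process exited mid-scan
    return ids


def pid_max() -> int:
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except OSError:
        return 32768


if __name__ == "__main__":
    enforced = module_signing_enforced(read_live_kernel_config(), read_sig_enforce_param())
    print("unsigned kernel modules refused:", enforced)
    # A process spawned between listing and probing would look hidden, so re-list
    # afterwards and keep only IDs that are still missing the second time.
    suspects = hidden_pids(proc_listed_ids(), pid_alive, range(2, pid_max()))
    suspects -= proc_listed_ids()
    print("PIDs hidden from /proc:", sorted(suspects) or "none")
```

Run it as root so that kill(pid, 0) is not refused for other users’ processes; a non-empty hidden-PID set is worth a second look with the advisory’s Volatility and Yara material, and “unsigned kernel modules refused: False” means the mitigation the advisory describes is not actually in place on that host.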

Chinese Consulate in San Francisco Still Open, Why?

Primer: The Chinese consulate in San Francisco is harboring a biology researcher who falsely denied connections to the Chinese military to obtain a visa and gain access to the country, according to court documents filed by the FBI.

The filing came as part of a document that cited a slew of other episodes in which Chinese nationals allegedly lied on their visa applications by hiding their military connections. More details.


Axios: 

Every country spies. And many countries — including the U.S. — use their diplomatic outposts to do it. But for years, China has used its embassies and consulates to do far more than that.

Why it matters: The Trump administration’s recent hardline stance against China’s illicit consular activities is a public acknowledgment of real problems, but it comes at a time when U.S.-China relations are already dangerously tense.

Driving the news: Last week, the U.S. demanded that China close its Houston consulate in order to “protect American intellectual property and Americans’ private information,” White House National Security Council spokesperson John Ullyot said in a statement.

  • In response, the Chinese government ordered the closure of the U.S. consulate in Chengdu, a facility nestled in China’s more remote inland region that served primarily as a visa-issuing office for Chinese hoping to visit the U.S., and was not a major hub for U.S. intelligence activity.

Yes, but: The Houston consulate wasn’t China’s most important espionage hub.

  • “San Francisco is the real gem but the U.S. won’t close it,” a former U.S. intelligence official told Axios.
  • It indicates the Trump administration is likely making an example of the Houston consulate in a bid to achieve its goal of a reduction in Chinese espionage activities without taking an even harsher measure, such as closing the San Francisco or New York consulates.

The Chinese government has long used its embassy and consulates in the U.S. to exert control over student groups, collect information on Uighurs and Chinese dissident groups, and coordinate local and state level political influence activities.

Surveilling Uighurs: Leaked classified Chinese government documents have revealed that Chinese embassies and consulates are complicit in the ongoing cultural and demographic genocide against Uighurs.

  • The CCP has sought to track down Uighurs who have left China and force them to return, with orders to place them in mass internment camps “the moment they cross the border.”
  • China’s embassies and consulates have also collected information on Uighurs abroad and submitted that information to Xinjiang police.
  • Consular officials have frequently refused to renew Uighur passports, telling them they must return to China in order to obtain new documents — only to be disappeared into camps as soon as they do.

Controlling Chinese students: The Chinese embassy and consulates keep close tabs on Chinese students in the U.S., occasionally sending them political directives and quietly organizing demonstrations.

  • The Chinese embassy and consulates have paid students to demonstrate in support of visiting Chinese leaders, instructing them to crowd out anti-CCP protesters. They have also asked Chinese Students and Scholars Associations (CSSA) presidents to hold study sessions on party thought and to send back photos of the sessions to ensure compliance.
  • “I feel like the tendency is that the consulate tries to control CSSAs more and more,” one CSSA president told me in 2018.

Supporting United Front organizations: Chinese diplomatic officials regularly meet with leaders of U.S.-based organizations tied to the United Front Work Department, the political influence arm of the CCP, and preside over the ceremonies and banquets held by these organizations.

  • One such organization, the National Association for China’s Peaceful Unification, has branches in more than 30 U.S. cities. Its members issue statements in support of China’s official foreign policy positions, and the Chinese embassy and consular officials encourage them to engage in local U.S. politics.

The bottom line: Dealing with bad behavior by diplomats is a highly sensitive geopolitical issue that can easily result in damaged relations.


***

In part, how big a problem does the U.S. have regarding Chinese spies around the nation?

Economic Espionage

To achieve its goals and surpass America, China recognizes it needs to make leaps in cutting-edge technologies. But the sad fact is that instead of engaging in the hard slog of innovation, China often steals American intellectual property and then uses it to compete against the very American companies it victimized—in effect, cheating twice over. They’re targeting research on everything from military equipment to wind turbines to rice and corn seeds.

Through its talent recruitment programs, like the so-called Thousand Talents Program, the Chinese government tries to entice scientists to secretly bring our knowledge and innovation back to China—even if that means stealing proprietary information or violating our export controls and conflict-of-interest rules.

Take the case of scientist Hongjin Tan, for example, a Chinese national and American lawful permanent resident. He applied to China’s Thousand Talents Program and stole more than $1 billion—that’s with a “b”—worth of trade secrets from his former employer, an Oklahoma-based petroleum company, and got caught. A few months ago, he was convicted and sent to prison.

Or there’s the case of Shan Shi, a Texas-based scientist, also sentenced to prison earlier this year. Shi stole trade secrets regarding syntactic foam, an important naval technology used in submarines. Shi, too, had applied to China’s Thousand Talents Program, and specifically pledged to “digest” and “absorb” the relevant technology in the United States. He did this on behalf of Chinese state-owned enterprises, which ultimately planned to put the American company out of business and take over the market.

In one of the more galling and egregious aspects of the scheme, the conspirators actually patented in China the very manufacturing process they’d stolen, and then offered their victim American company a joint venture using its own stolen technology. We’re talking about an American company that spent years and millions of dollars developing that technology, and China couldn’t replicate it—so, instead, it paid to have it stolen.

And just two weeks ago, Hao Zhang was convicted of economic espionage, theft of trade secrets, and conspiracy for stealing proprietary information about wireless devices from two U.S. companies. One of those companies had spent over 20 years developing the technology Zhang stole.

These cases were among more than a thousand investigations the FBI has into China’s actual and attempted theft of American technology—which is to say nothing of over a thousand more ongoing counterintelligence investigations of other kinds related to China. We’re conducting these kinds of investigations in all 56 of our field offices. And over the past decade, we’ve seen economic espionage cases with a link to China increase by approximately 1,300 percent.

The stakes could not be higher, and the potential economic harm to American businesses and the economy as a whole almost defies calculation. More details here.


Check the Corruption in the Paycheck Protection Program

The federal government has not disclosed most of the forgivable coronavirus-stimulus loans issued to businesses under the $660 billion federal Paycheck Protection Program.

The Small Business Administration has publicly released lists of the forgivable loans under $150,000 issued in each state but it did not include the names of the recipients.

Loans under $150,000 make up the bulk of the loans issued. According to SBA data through June 30, 2020, loans under $50,000 represented 66.8% of all loans provided, $50,000 to $100,000 represented 13.8% and $100,000-$150,000 represented 6%.

The state-by-state lists the SBA released included only the names of the lenders, including banks and credit unions, that approved the loans, as well as the estimated number of jobs each loan will help retain. To date, banks have earned billions in taxpayer-funded fees for issuing the loans as part of PPP, which was set up by the $2.2 trillion CARES Act. The SBA hasn’t said whether individual bank branches directly received forgivable PPP loans.

As Just the News previously reported, the federal government isn’t going to conduct a review of most taxpayer-funded forgivable loans issued under the program.


According to the SBA, the loan is forgivable if “at least 60 percent” of it is used toward payroll. The rest can be used for qualified expenses such as rent and utilities. More here.

***

So…let’s take a look at some details of corruption shall we? Then measure your outrage…if you can. It may also be a good time to call your representative and ask them if they took any PPP money of any kind or ask them if they are outraged and what are they gonna do about it.

  1. Movie star and Trump hater, Robert De Niro: He got $28 million.
  2. A law firm founded by VP Joe Biden, Monzack Mersky McLaughlin and Browder, in which Biden no longer has an interest but with which he maintained close ties. Monzack, who has donated thousands to Biden’s presidential campaign, attended a state dinner at the White House for Chinese President Hu Jintao in 2011. The law firm is also a registered agent for companies tied to Biden.
  3. EDI Associates in San Rafael, California, has 52 employees and says it’s in the “full-service restaurant business,” government documents show. The company received between $350,000 and $1 million in Paycheck Protection Program (PPP) money. EDI is partially owned by Speaker Nancy Pelosi’s husband.
  4. A progressive political consulting firm that receives large payments from Rep. Alexandria Ocasio-Cortez’s (D., N.Y.) reelection campaign and activist Shaun King’s PAC raked in hundreds of thousands in taxpayer money meant to help small businesses.

    New data show that between $350,000 and $1 million flowed from the Paycheck Protection Program, a federal program created to help small businesses cope with the economic downturn caused by coronavirus, to Middle Seat Consulting, a Washington, D.C.-based digital firm that provides services to far-left Democrats.

  5. The campaign of Christine Eady Mann, a Democratic candidate for Congress running in Texas’s 31st district, received $28,600 in May from the PPP, a federal program designed to help small businesses. Mann’s campaign said it used the loan to offset “challenging” fundraising numbers. The campaign repaid the loan in full six weeks later.

There are many more but here is the kicker of it all perhaps….

NP: Entities led by high-ranking Chinese Communist Party (CCP) members, collaborators with state-owned enterprises, and Confucius Institute partners rank among the beneficiaries of the U.S. government’s coronavirus pandemic bailout.

These companies received up to $3.4 million from the U.S. federal government according to Treasury Department’s records released on Monday.

Beyond funding the opposition in the ongoing economic and information warfare between China and the U.S., Chinese companies often coerce American companies to comply with their censorship standards, routinely steal intellectual property, and spearhead massive outsourcing-fueled trade deficits at great cost to American jobs and workers.

Despite this, CCP-linked companies which benefited from the program meant to save American businesses and jobs hurt by the coronavirus include:

China United Transport, $350,000-$1,000,000

As a global transportation and logistics company, China United Transport brands itself as a lifeline for the global supply chain.

With weekly shipments to “Beijing, Shanghai, Guangzhou, Shenzhen, Hong Kong, Tianjing, Dalian, Qingdao, and Ningbo,” the company works with several Chinese state-owned ocean and air carriers.

China United lists AirChina, a state-owned enterprise that has received awards from the CCP and boasts it “has always demonstrated its strong brand image as a government-controlled enterprise” in its company profile.

Another partner, COSCO Shipping Lines, features 11 out of its 13 board members listing CCP affiliations in their biographies.

The Chairman and Managing Director Yang Zhijian, for example, serves as the Deputy Secretary of the CCP’s Central Committee and Deputy Managing Director Qian Weizhong serves as Party Secretary.

The CCP also retains a majority stake in partners China Eastern Airline and China Southern Airline.

China Manufacturers Alliance, $350,000-$1,000,000

China Manufacturers Alliance is a facilitator of U.S. dependence on Chinese manufacturing, defining its mission as “uniting major tire manufacturers in China under a unique and powerful cooperative alliance.”

Beyond serving as a boon for the Chinese economy, its parent company is Shanghai Huayi Group. The group is headed by CCP members including its president Lili Gu and Technology Director Dengxi Wu.

Boardmember Liu Genyuan has also advised the CCP’s Belt and Road Initiative, a predatory investment scheme whereby China funnels extensive amounts of money to developing countries who often default on the loans they are provided.

This allows the CCP to seize control of critical infrastructure and facilitate the regime’s quest to end the world’s reliance on the West by bringing countries into their technological and financial orbit.

China Luxury Advisors, $150,000-$350,000

China Luxury Advisors, which strives to “engage the global Chinese consumer,” boasts on its homepage that it’s a Tencent International Premium Agency Partner and Official Alibaba Partner.

Tencent has been identified by the State Department’s Bureau of International Security and Nonproliferation as a “tool of the Chinese government,” noting the company has “no meaningful ability to tell the Chinese Communist Party ‘no’ if officials decide to ask for their assistance.”

It also provides “a foundation of technology-facilitated surveillance and social control” as part of the CCP’s broader crusade “to shape the world consistent with its authoritarian model,” the report added. And CCP collaboration is not far-fetched: Tencent’s CEO is also known to have direct links to the CCP, currently serving as a Congressional Deputy and Standing Committee member, assisting the CCP with “law enforcement and security issues,” and collaborating on “patriotic” video games.

Alibaba founder Jack Ma is a member of the CCP who insisted at a Wall Street Journal event that one should “be in love with them,” referring to the CCP. Forbes reported in 2015 that the “Chinese Government Has A Huge ‘Stake’ In Alibaba,” and in 2014 The New York Times unearthed the company’s “deep political connections of the investment firms, Boyu Capital, Citic Capital Holdings and CDB Capital, the China Development Bank’s private investment arm.”

The Times also noted Alibaba’s “senior executive ranks included sons or grandsons of the most powerful members of the ruling Communist Party.”

China Luxury Advisors also “works closely with WeChat to register and manage official accounts, develop mini-programs, create content, and place advertising across Tencent’s platforms.” WeChat is a Tencent-owned messaging app with a track record of banning or censoring users who share content counter to the state’s narratives; its users are also routinely subject to CCP surveillance and have been exposed in data breaches.

China Institute, $150,000-$350,000

China Institute has a nearly 100-year history of working alongside the CCP. Notable events it touts on its timeline include:

China Institute is instrumental in the Chinese Government’s decision to provide additional funds to Chinese students through its Committee on Wartime Planning for Chinese Students in the United States.

The New York-based advocacy group also hosts a Confucius Institute in partnership with East China Normal University (ECNU), a state-funded university which advertises its adherence to CCP “education and other related policies” in its teachings.

The partnership has allowed Confucius Institutes to metastasize into nine K-12 schools, despite being controversial operations replete with “undisclosed ties to Chinese institutions, and conflicted loyalties,” propaganda, and intellectual property theft, according to the Federal Bureau of Investigation (FBI) and U.S. Department of Justice (DOJ).

The Confucius Institute’s Beijing Headquarters, colloquially known as “Hanban,” pushes teachers to use “teaching resources” penned by the Chinese Communist Party (CCP) itself.

Chinatex, $150,000-$350,000

Chinatex is a global cotton trading enterprise focusing on apparel. The company’s introduction page boasts of its state-owned status and subservience to the CCP’s five-year plans:

In July 2016, Chinatex was integrated into Cofco Group as its wholly-owned subsidiary subject to approval by the State Council. According to its 13th Five-Year Plan, Chinatex is now adhering to the overall guiding principle of “professional management and industrialization development”, shouldering the important historical missions of “serving as the major force in maintaining the safety of the national cotton industry, a leader in cotton market regulation, and a practitioner of green, environmentally friendly factories”, vigorously enhancing its vitality, influence and control in the industry, and striving to become a world-class cotton merchant.

The Beijing-based manufacturer is responsible for siphoning American manufacturing and textile jobs.

GateChina, $150,000-$350,000

GateChina’s flagship website is WenxueCity, a Chinese-language news aggregator intended for expatriates. The outlet routinely links to content from CCP run and funded media outlets such as China Network Television.
The news of the loans going to CCP-linked companies is sure to raise eyebrows, especially given the Trump administration’s recent focus on China in the wake of the coronavirus pandemic and the crackdown in Hong Kong.

A few more examples from the same loan data:

In Los Angeles, luxury residential brokerage the Agency received a $2 to $5 million PPP loan to retain 104 employees, according to the SBA data. Stimulus recipients in L.A. also included a number of Chinese developers, like Greenland Group, which received two $1 to $2 million loans to retain a total of 339 employees; and Shenzhen New World Group, which received two $2 to $5 million loans for a total of 533 employees. Shenzhen New World has been implicated as a major player in a bribery scheme surrounding recently arrested City Councilmember Jose Huizar.

While U.S. subsidiaries of foreign companies are not barred from receiving PPP assistance, lack of guidance in the early days of the program had led to significant confusion among potential borrowers.

Last month, an L.A. marketing agency that had received a PPP loan sued its Canadian landlord Onni Group, alleging the foreign company was seeking “back-door” access to the program by demanding the funds be used to pay rent. Check out more here.