APT3 mainly focused on targets of strategic importance for the Chinese Communist Party, as well as
targets vital for China’s economic interests and military modernisation. The attacked entities included
targets in aerospace, defence, construction and engineering, telecommunications, and transportation.

The group’s political affiliation was mainly revealed in 2017 when various actors published attribution
statements that linked APT3 with the Chinese information security company Guangzhou Boyu Information
Technology Company, Ltd. (Boyusec), based in Guangzhou, which was acting as a front for the Chinese
Ministry of State Security (MSS). In 2014, Boyusec had established a joint active defence laboratory (ADUL) in cooperation with Guangdong ITSEC, a subordinate to the China Information Technology Evaluation Center
(CNITSEC) organisation, which is run by the MSS. CNITSEC is said to execute vulnerability testing and
reliability assessments of software for the Ministry. The vulnerabilities found by CNITSEC were then
allegedly used for intelligence operations by the MSS.