Guangdong Provincial State Security Department

The Guangdong Provincial State Security Department (GSSD; Chinese: 广东省国家安全厅) is a division of China's Ministry of State Security (MSS) responsible for intelligence collection and secret policing in the province of Guangdong. Established as one of the original 14 semi-autonomous provincial MSS units in 1983, the department is involved in expansive human intelligence efforts, information operations, and cyber espionage campaigns. It is headquartered in the provincial capital of Guangzhou.

Guangdong Provincial State Security Department

广东省国家安全厅
Seal of the Ministry of State Security
Headquarters of the Guangdong State Security Department in Guangzhou.
Department overview
Formed	1983; 42 years ago (1983)
Jurisdiction	Guangdong, China
Headquarters	No. 163 Dongfeng West Road, Yuexiu district, Guangzhou, Guangdong, China
Department executive	Tang Zhenyu, Director
Parent Ministry	Ministry of State Security

History

The Guangdong SSD has been a prominent provincial department since the establishment of the MSS. As one of the original 14 MSS departments established in 1983, Guangdong stood out as one of the largest at the time of its establishment. It remains prominent in the state security system.^[1]

The Guangdong SSD is afforded some of the most elite recruits to the MSS, though generally slightly below those assigned to MSS headquarters or the municipal Shanghai bureau or Beijing bureau.^[2]

Operations

The GSSD is prolific in a range of fields of intelligence operations, both within China and abroad. In an anonymous 2021 interview with the Southern Daily, the official mouthpiece of the Guangdong Provincial Committee of the Chinese Communist Party, the director of the Guangdong SSD described their department's mission as "defending the socialist state power, maintaining social harmony and stability, and protecting the safety of the people's lives and property."^[3]

Counterintelligence

In 2014, the GSSD announced that its counterintelligence unit had disrupted an operation by a foreign adversary which had recruited a Chinese citizen through an online chat room.^[4]

Cyber espionage

BRONZE SPRING

The Guangdong SSD is understood to be responsible for the advanced persistent threat group BRONZE SPRING, also known as UNC302.^[5] In 2020, the U.S. Department of Justice indicted Li Xiaoyu (李啸宇) and Dong Jiazhi (董家志) on an 11-count indictment which alleged that the pair participated in hacking campaigns on behalf of the GSSD conspiring to steal trade secrets and commit wire fraud, commit identify theft, and gain unauthorized access of computers. The government said the pair were first noticed as they penetrated U.S. Department of Energy systems in the Pacific Northwest National Laboratory at the Hanford Site in Washington State but tracked them attacking other targets. They targeted businesses in the tech, education, civil and pharmaceutical industries, as well as U.S. Department of Defense satellite and communications programs. Individuals—including a community organizer in Hong Kong and a former Tiananmen Square protester—were also allegedly targeted.^[6][7] The groups targets were located in the United States, Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea, Sweden, and the United Kingdom.^[8][5] The pair along with additional actors from the GSSD then were identified targeting researchers and organizations working on cures and treatments for COVID-19.^[6][9] The group made use of the notorious China Chopper web shell.^[8]

Boyusec

The Guangdong SSD is reportedly responsible for the advanced persistent threat group APT3, also known as Buckeye, UPS, Gothic Panda, and TG-011.^[10] The group reportedly made use of the Equation Group tools stolen from the US National Security Agency by the Shadow Brokers. The FBI disclosed the group's suspected headquarters, located at Room 1103, Huapu Square West Tower, Guangzhou, Guangdong.

2018 hack of the US Navy

Between February and March 2018, hackers from the Guangdong State Security Department compromised the computers of a US Navy contractor, stealing classified information relating to undersea warfare, including plans to equip US submarines with supersonic anti-ship missiles. The hacked computers belonged to a contractor working for the Navy Undersea Warfare Center in Newport, Rhode Island. The contractor improperly stored material relating to the SEA DRAGON supersonic anti-ship missile development, as well as the navy submarine development unit's electronic library, submarine radio room information, information on the navy's cryptographic systems, and signal and sensor data on the contractor's unclassified network.^[11]

Human intelligence

Jerry Chun Shing Lee

Jerry Chun Shing Lee at the time of his arrest by U.S. federal agents.

In January 2018, the FBI arrested former CIA officer Jerry Chun Shing Lee, charging him with unlawful possession of defense information. He may have compromised the identities of numerous CIA spies in China.^[12][13] Lee, a naturalized U.S. citizen, had worked for the CIA with a top secret security clearance from 1994 until 2007. Several years after his departure from the CIA, China began capturing and killing U.S. informants. Officials in the U.S. began investigating whether a mole was responsible for outing the identities of sources working with the U.S. In May 2018, Lee was formally charged with conspiracy to commit espionage on behalf of China.^[14] According to the indictment, he met two officers of the Guangdong State Security Department in Shenzhen, and they gave him "a gift of $100,000 cash in exchange for his cooperation", with the promise that "they would take care of him for life".^[15][16] Lee received hundreds of thousands of dollars in cash that he deposited into his HSBC bank accounts in Hong Kong between 2010 and 2013,^[15] the same time the CIA lost 18 to 20 Chinese informants who were killed or imprisoned for providing sensitive information to the U.S. government.^[15] Lee started working for a cigarette company in Hong Kong in 2007, the same year he left the CIA. In 2009, Japan Tobacco International terminated his contract amid suspicions that he was leaking sensitive information about its operations to Chinese authorities. He then set up his own company, also related to the import of cigarettes, which did not succeed. According to court papers, Lee's business partner in Hong Kong arranged meetings and passed messages from Chinese intelligence officers to him. From June 2013 to September 2015, the former CIA agent worked for the cosmetics company Estée Lauder. At the time of his arrest, he was the head of security at the international auction house Christie's in Hong Kong.^[15] In May 2019, he pled guilty and was sentenced in November 2019 to 19 years in prison.^[17][18][19]

Li Zhihao

Perhaps the most successful double agent to ever to penetrate Taiwan's Military Intelligence Bureau (MIB), Li staged an elaborate false escape from China by swimming to Hong Kong in the late 1980s, apparently at the direction of the Guangdong State Security Bureau. He was eventually recruited by Taiwanese MIB, and for nearly a decade he operated undercover within Taiwanese intelligence. Li betrayed at least three Taiwanese agents on the Chinese mainland before being caught in 1999. Later that year, a Taiwanese court sentenced him to life in prison. On the eve of the 2015 Ma–Xi meeting in Singapore, Li was traded back to China in a spy swap, in exchange for the release of MIB agents Chu Kung-hsun and Hsu Chang-kuo, who were kidnapped by the MSS in Vietnam in 2006. Taiwanese authorities denied there was an explicit trade.^[20]

Shujun Wang

The GSSD collaborated with the Qingdao State Security Bureau (a subordinate city unit of the Shandong SSD) in handling Shujun Wang as a human intelligence asset in New York City's Chinese dissident community.^[21] Wang acknowledged to US investigators that from 1994 to 2022 he gathered information on pro-democracy advocates at the request of the MSS, but claimed that he did not provide valuable, non-public information.^[22] Wang passed information to officials at the Chinese consulate and Overseas Chinese Affairs Office.^[23] In August 2024, Wang was convicted on four counts of acting and conspiring to act as an agent of a foreign government; he had pleaded not guilty.^[24][25]

Xu Tianmin

In the 1990s, Xu Tianmin (许天民), a Ministry of Public Security official who transferred to the Guangdong SSD, was sent to British Hong Kong as a handler for a double agent working for Taiwanese intelligence in the city.^[26]

Influence campaigns

Wham! 1985 tour

In 1985, the Guangdong International Culture Exchange Center, a branch of China International Culture Exchange Center (CICEC, the cover identity of the 12th Bureau of MSS headquarters) administered by the Guangdong State Security Department, hosted Wham! frontman George Michael during the band's 1985 tour of China. A photo from the banquet shows Michael unknowingly seated beside Wang Shuren, a senior MSS spy who worked in the Chinese embassy in Cambodia before building a specialization in smuggling agents into Hong Kong.^[27]

Tradecraft

For routine corporate matters like purchasing office furniture or contracting builders, MSS officers often use predictable forms of what's known as 'administrative cover.' In casual conversation with a stranger for example, an intelligence officer might claim to work in an unassuming position with the Shanghai Municipal Government Fifth Office. The Guangdong SSD has 18 such numbered offices, which exist only on paper.^[28]

Headquarters

The headquarters of the Guangdong SSD is located in an office tower in the Yuexiu district of Guangzhou. The tower has a helipad on the roof.^[29]

Leadership

The founding head of the Guangdong State Security Department came from a specialized public security unit that ran counterintelligence operations in Hong Kong and Macau, seeking to penetrate rival intelligence agencies from the United States, Taiwan and other nations.^[1]

Name	Entered office	Left office	ref.	Notes
Zhang Youheng (张友恒)	April 1984	April 1987	[30][31]
Ye Jinmei (叶金梅)	August 1987	March 1998	[32][33][34]
Huang Guanhua (黄观华)	March 1998	March 2000	[35]
Xu An (徐 安)	March 2000	unknown	[36][37]
Xie Jianhua (谢建华)	c. 2001	c. 2001	[38]
Zhang Yuting (张玉婷	March 2008	September 2016	[37][39]
Zhou Yingshi (周英时)	September 2016	unknown	[39]
Zhao Jian (赵坚)	unknown	unknown		Previously director of the Sichuan State Security Department
Tang Zhenyu (唐振玉)	c. 2021	c. 2021	[40]

See also

• Guangdong Public Security Department – Provincial division of the Ministry of Public Security, the domestic security agency of China.

• People's Armed Police Guangdong Contingent [zh] – Provincial garrison of the People's Armed Police, a paramilitary internal security agency.