

Economic espionage is big business.
Your business is the target.
Every day, foreign governments and their proxies steal American intellectual property, attack our critical infrastructure, and seed our society with disinformation.
2430 Group is a non-profit, non-partisan research, analysis, and advisory organization dedicated to protecting the critical infrastructure and intellectual property (IP) of the United States and its allies from attacks by foreign, state-sponsored malign actors. 2430 Group performs three core missions: original, data-intensive research and analysis; tailored education and training; and strategic advice and solutions.
We serve organizations at risk of three harms: theft of IP, damage to infrastructure, and injury to reputation and goals via disinformation. Our clients include private-sector firms, academic institutions, research organizations, government agencies, and individuals.
Our team comprises experts with years of experience in intelligence, military special operations, diplomacy, law, law enforcement, technology, business, and academia. Our skills include research of open and commercial sources, data science and engineering, software development, due diligence and investigations, consequence management, and foreign language translation.

Why 2430 Group?
Neither the private sector nor the government is set up to do what 2430 Group does. The job of private companies is to develop and deliver high quality products and services to their customers. Private companies cannot be expected to develop and maintain the expertise and skills to root out IP theft and foreign influence. Government has the expertise and the mission, but lacks the authorities and resources necessary to protect millions of private firms or to investigate the thousands of American and foreign companies that collaborate with our adversaries. 2430 Group has the authority and expertise to help companies help themselves.
Our areas of concentration encompass:



Research and Analysis
Our researchers identify, uncover and explain the complex, hidden web of malign actors and their tactics, as well as the vulnerabilities they exploit. We rely on state-of-the-art tools and techniques to track, analyze, and share our findings with specific stakeholders and the public.


Education and Training
We use what we discover to help organizations recognize, reduce, and react to vulnerabilities and threats. We offer awareness workshops, webinars, and publications that cover topics such as intellectual property protection, best practices for supply chain security, and defense strategies against lawfare.


Solutions
We design and help implement solutions, which may include developing policies and procedures, providing risk assessments, writing software, and offering tailored options and advice for specific situations.
Please contact us if you need our services, want to contribute, or even just want to learn more about us or how you can help protect innovation.

Every year, 1 in 5 American companies report a theft of IP by China, collectively resulting in more than a
half-trillion dollars in annual losses.

Techniques Used Against U.S. Institutions
Our areas of concentration encompass intellectual property (IP) theft, attacks on critical infrastructure, and media manipulation. We list below nine types of theft; five varieties of infrastructure attacks; and four kinds of media manipulation. While others categorize these techniques differently, we find this typology to be both comprehensive and efficient:
IP Theft:

1
Consensual Transfer
China in particular makes sharing supplier intellectual property (IP) a condition of access to China’s market. For example, foreign auto companies had to agree to manufacture their vehicles in China, and even to form joint ventures with local manufacturers in exchange for the right to sell in China. Both requirements involved transfer of IP.

2
Coercion
The line between consent and coercion is blurry. Foreign companies that consented to one set of conditions for market access or joint ventures often find that the host country imposes new conditions that are not agreeable, but are difficult to resist once engagement has begun. This is a version of bait and switch. In one case, China insisted that its U.S. partner use local software as a condition of regulatory compliance. The U.S. partner was faced with a choice of abandoning an expensive investment, or exposing all its IP via the newly required software. Some foreign companies suffered arrests and detention of Chinese and foreign employees for failing to satisfy new conditions of their Chinese hosts.

3
Fraud
This is a broad category that encompasses misrepresentation of many kinds. A producer misrepresents itself as a licensee or customer, when in reality it is intending all along to acquire the seller's technology for its own uses and without licensing or even purchasing the foreign company's product. Huawei did this to U.S. company Akhan Semiconductor's high-technology glass, requesting to inspect it for potential licensing that never happened. Instead, Huawei had shipped part of the glass to China in an attempt to reverse engineer the product.

4
Predatory Finance
Malign actors gain access to IP, technology, and your other confidential company information through financial arrangements such as limited partnership agreements, joint ventures, and other rights gained through investments. Adversarial actors often hide their foreign connections behind cutouts, trusts, shells, and other vehicles. It is important that you do deep diligence on all your investors, including limited and other secondary partners.

5
Lawfare
Similar to coercion’s bait and switch, many Western companies have entered into one kind of agreement with a Chinese partner only to face a torrent of lawsuits from that partner seeking control of the investment or joint venture. One European-American company was served with dozens of lawsuits against the company and its officers and directors personally. Of course, the Chinese partner had access to all the resources of the government of China, whereas the European-American company with only its own resources.

6
Insiders: Espionage and Unintentional Sharing
Sometimes the most effective methods are the oldest. Foreign adversaries have recruited your employees or placed their agents in your companies. Recent media reports, for example, show how both Saudi Arabia and China placed their agents inside Twitter. Losses from existing employees are sometimes intentional, but most often result from social engineering, or ignorance of company policy governing the definition and handling of confidential information.

7
Supply Chain Infiltration
Russia and China have both gained access to confidential U.S. business and national security information through the use of obfuscated infiltration of organizations’ supply chains. Outwardly American suppliers have both wittingly and unwittingly installed Russian and Chinese hardware and software in your communication and data storage devices, as well as in your products. These implants “phone home” your confidential information without your knowledge.

8
Simple Theft
Sometimes, the best way to acquire sensitive information is to simply steal prototypes. This type of theft often targets the biotechnology industry, like when the FBI arrested an American scientist working for a Chinese company in 2013 for digging up proprietary GMO corn seeds from an Iowa test farm and shipping them abroad. Depending on their specifics, Chinese firms either reverse-engineer stolen prototypes or breed the GMO crops, stealing years of hard work and research.

9
Cyber Intrusion
The use of cyber attacks of all kinds by Russia and China is well known. As former Director of the National Security Agency, General Keith Alexander said of Chinese cyberattacks, "it's the greatest transfer of wealth in history", amounting to $115 Billion in losses every year. Well known examples include China’s 2005 “Titan Rain Attack” on U.S. defense contractors, China’s 2011 “Operation Aurora” attack on chemical manufacturers, and the 2020 “Cozy Bear” attack by Russian-linked cybercriminals who tried to steal COVID-19 vaccination information
For a more in-depth understanding of these nine types of intellectual property theft, please see 2430 Group's,
"A Typology of China's Intellectual Property Theft Techniques."
Critical Infrastructure Attacks:

1
Physical
One type of physical infrastructure attack is disruption of communication through
cutting cables. In April 2023, the People’s Republic of China (PRC) reportedly cut the fiber optic cable connecting Matsu island to the main island of Taiwan—the easiest way to do this is by dragging an anchor across a cable path. The PRC has also developed kinetic means to eliminate communications and navigation satellites via sophisticated "satellite killer" weapons and more simple firearm attacks.

2
External Cyber
External cyberattacks such as the use of ransomware (such as the Colonial Pipeline attack) or Distributed Denial of Service (DDoS) attacks against municipal governments have interrupted services. Although most of the latter appear to be financially-motivated, the Russian and Chinese governments have both harbored hackers and nurtured their own state-run offensive cyber programs.

3
Advanced Persistent Threats
APTs like China’s Volt Typhoon often install malware in communications, electrical, and water infrastructure. U.S. officials worry this spyware can be activated during crises to sabotage key systems. Further, this malware can persist for a long time by disguising itself using through techniques called “Living off the Land” or LOTls.

4
Insiders
Motivated insiders have acquired important information about critical infrastructure via third parties. For example, the PRC hired spies at a Hydro-Quebec firm in Canada that supplies energy to northeastern states in the U.S.

5
Supply Chain
Much of what we own in our homes is at least partially made in China. The same is true of utilities and the components of their equipment. These include investments in European port facilities and the Huawei and ZTE products embedded in U.S. electrical and communications infrastructure. The U.S. government has moved to remove Chinese-supplied equipment from U.S. utilities. However, utilities continue to use Chinese-manufactured components and products, including transistors.
Media Manipulation:

1
Malign and Disinformation
Malign and Disinformation are efforts to cause harm or deceit through false or misrepresented information. Russia uses these tactics to propagate false narratives of developments in Ukraine, criticize Ukrainian officials, and undermine the Biden administration's response to the war. China similarly uses provably false narratives, for example to intimidate their neighbors regarding their military. The PLA relies on videos of military exercises or those otherwise demonstrating military readiness and overlaying messaging that indicates they are “on their way to liberate Taiwan” or engaging in activities that threaten neighbors in East and/or Southeast Asia. This is also a common tactic for countering Euro-American accusations of PRC-sponsored genocide against the Uyghurs in China’s northwest Xinjiang Province. Such videos feature Uyghurs happily working in cotton fields and decrying foreign media for trying to ruin their economic development through claims of human rights violations.

2
Trolls and Astroturfing
Trolls deliberately post provocative or misleading messages online to disrupt discussions, while astroturfing masks orchestrated campaigns with a facade of grassroots support. In Russia, these activities often originate in the Internet Research Agency, a “troll farm” accused of spreading Russian propaganda to influence elections, harass dissidents, undermine the Ukrainian state, and bolster Putin’s image abroad. In China by contrast, pro-government posts often come from state-sponsored influencers or government bureaucrats paid extra to create positive social media content. The latter are often referred to in the west with the derisive moniker the “50-cent army” in honor of how they get paid per post, incentivizing copying and lazy writing.

3
Bots
Bots are automated tools that mimic human activity on social media. Various entities, including private sector companies, use bots for a variety of purposes, including inflating the follower counts of favored news sources to bolster perceived legitimacy, burying critics under a mountain of dislikes, and copying propaganda for wide dissemination. Much like astroturfed accounts, the existence of large numbers of bots undermines public confidence in information ecosystems by undermining the accuracy of popularity measures like reposts and follower counts.

4
Censorship
By suppressing stories they do not like, adversarial actors distort people’s perception of reality. Both China and Russia frequently censor social and traditional media by blocking offending posts and intimidating journalists. One of the most pernicious effects of state censorship is the self-censorship it produces. Individuals and groups become so afraid of the consequences of speaking the truth that they say nothing or do the work of distorting their true beliefs themselves.

Our Vision
2430 Group is a nonpartisan, independent nonprofit institution. We bridge the gap between private industry and the U.S. Government by helping to defend American citizens, companies, universities, and other institutions against hidden and illegal foreign interference and state-sponsored theft of cutting-edge breakthroughs in science and technology. 2430 Group comprises experts from the private sector, the intelligence community, the military, law enforcement, and academia, all with decades of experience in identifying and mitigating threats to our national security.
Our goals
-
That every American institution will be aware of adversarial methods for eroding trust in our democracy and exploiting our technological acumen. American firms will be able to recognize and avoid dangerous situations, companies, funding, and people.
-
That the USG will devote resources to this issue on a scale commensurate with the problem, including by using civil and criminal litigation against foreign attackers and their American fronts and collaborators.
-
That U.S. citizens and companies will be deterred from cooperating with foreign malign actors that aim to manipulate public discourse and undermine R&D for their own foreign policy objectives.

We value your support
As a 501(C)3 nonprofit institution, we depend entirely on donations to continue doing this important work. Your contribution will directly support these three areas:
People
2430 Group depends on the work of data scientists and engineers, researchers, linguists, software developers, intelligence experts, and trainers to find, compile, organize, and disseminate the information American companies can use to defend themselves from technology theft.
Data
Much of the data 2430 Group relies on is free and comes from companies, individuals, and the web free of charge. However, 2430 also depends on and must pay for commercial data.
Software and scaling tools
Organizing and scaling data requires software, some of which 2430 Group develops in-house, and some of which 2430 Group must purchase.

Contact Us
- To learn more about threats to your organization and IP;
- To contribute or get involved;
- To ask questions or offer suggestions.