2022-12-24 22:00   No-limits relationship? China’s state hackers scoop up intelligence on Ukraine… and Russia    #intrusiontruth #安全文章 As we near the end of 2022 we wanted to finish with our opinion related to the Chinese hacker paradise. Not the beaches on Hainan island, but the networks of Ukraine and Russia… This is something we have taken an interest in since we Tweeted on 15 March 2022 so wanted to pull together some

2022-07-24 20:20   Chinese APTs: Interlinked networks and side hustles    #intrusiontruth #安全文章 As FireEye pointed out on their APT41 overview, there is a high degree of malware and certificate overlaps across Chinese APTs but two in particular stand out as almost identical in their use of malware code – 41 and 17.  Remember Mr. Zeng Xiaoyong (aka envymask)? As readers will know, we named

2022-07-23 20:17   The people behind Chengdu 404    #intrusiontruth #安全文章 In the previous articles, we touched upon Chengdu 404 as a front company. This article serves to focus on the individuals behind the company who have been named by the US as cyber criminals. The indicted trio are: Qian Chuan (钱川), Jiang Lizhi (蒋立志), and Fu Qiang (付强).  Qian Chuan (钱川) Qian Chua

2022-07-22 20:15   Chengdu 404    #intrusiontruth #安全文章 In our last article, we highlighted the social links between APT41 actors, focusing on two of the five APT41 members: Tan Dailin and Zhang Haoran. Tan and Zhang, along with their other 3 conspirators (more on them tomorrow) worked for a company based in Chengdu’s high-tech zone called Chengdu Si Lin

2022-07-21 20:06   The old school hackers behind APT41    #intrusiontruth #安全文章 In an FBI indictment released in 2020, it reported five hackers with substantiated links to APT41: all criminal hackers based in Chengdu, Sichuan province. Seems Chengdu is getting somewhat of a hacker reputation.  Let’s start with arguably the most notorious and well known of these five hacker

2022-07-20 23:03   APT41: A Case Study    #intrusiontruth #安全文章 As you know, we have been dedicated for some time now to revealing the truth behind state-sponsored, managed or directed intrusion sets. We have learnt more about the way in which the Chinese state conduct their criminal cyber activity and how it has evolved over the years. Chinese APT groups are ag

2022-02-04 18:28   XI JINPING’S DATA HOOVERING    #intrusiontruth #安全文章 Athletes beware: the 2022 Winter Olympics provide Xi Jinping with a golden opportunity to test his new data hoovering tools.  Let’s take a look at China’s digital currency, the e-CNY, and how athletes could be tricked into helping the Chinese state fine-tune its latest surveillance weapon. With

2021-09-20 17:01   Hello Lionel Richie    #intrusiontruth #安全文章 An interesting turn of events occurred whilst releasing our article series on Lonely Lantern (the Ch

2021-07-29 17:00   An (in)Competent Cyber Program – A brief cyber history of the ‘CCP’    #intrusiontruth #安全文章 Every so often, we like to take the opportunity to step back from our regular OSINT sleuthing and ta

2021-05-20 16:30   Epilogue    #intrusiontruth #安全文章 Recap In our last article, we identified Mr Zhao Jianfei as the MSS officer supporting Chinese hacke

2021-05-13 16:30   Who is Mr. Zhao?    #intrusiontruth #安全文章 In our last article, we identified a number of front companies used by two Chengdu-based indicted ha

2021-05-06 19:57   An APT with no name    #intrusiontruth #安全文章 When the 7th July indictment was released naming two Chinese hackers affiliated with the Guangdong S

2020-01-16 17:00   APT40 is run by the Hainan department of the Chinese Ministry of State Security    #intrusiontruth #安全文章 In our previous articles we identified a network of front companies for APT activity in Hainan and s

2020-01-15 21:00   Hainan Xiandun Technology Company is APT40    #intrusiontruth #安全文章 You knew where this was heading. In our previous articles we identified a constellation of front com

2020-01-14 21:00   Who is Mr Ding?    #intrusiontruth #安全文章 We started by stating that Chinese APTs have a blueprint that is applied in multiple regions across