of front companies
A group of anonymous security analysts have tracked down 13 front companies
operating in the island of Hainan through which they say the Chinese state has
been recruiting hackers.
By Catalin Cimpanu for Zero Day | January 13, 2020 -- 17:01 GMT (17:01 GMT) | Topic: Security
"APT groups in China have a common blueprint: contract hackers and specialists, front
companies, and an intelligence officer," the Intrusion Truth team said. "We know that
multiple areas of China each have their own APT."
APT is an acronym used in the cyber-security field. It stands for Advanced Persistent
Threat and is often used to describe government-sponsored hacking groups.
After previously exposing details about Beijing's hand in APT3 (believed to operate out of
the Guangdong province), APT10 (Tianjin province), and APT17 (Jinan province),
Intrusion Truth has now begun publishing details about China's cyber apparatus in
Hainan, an island in the South China Sea.
Per FireEye, APT40 is a Chinese cyber espionage group that's been active since 2013.
The group typically targeted countries strategically important to China's Belt and Road
Initiative, especially those with a focus on engineering and defense.
In a blog post published last week, Intrusion Truth said it identified a network of 13
companies that serve as a front for Beijing's local APT activities.
These companies use overlapping contact details, share office locations, and don't have
any presence online except to recruit cyber-security experts with offensive security skills,
using almost identical job ads.
"Looking beyond the linked contact details though, some of the skills that these adverts
are seeking are on the aggressive end of the spectrum," the Intrusion Truth team said.
"While the companies stress that they are committed to information security and
cyber-defence, the technical job adverts that they have placed seek skills that would more
likely be suitable for red teaming and conducting cyber-attacks," they go on to say.
In fact, one of the 13 front companies they identified was headquartered in the University's
library.
This professor was also a former member of China's military, Intrusion Truth said.
Intrusion Truth has a pretty good track record to its name. Of its previous three
Chinese APT doxes, US authorities have followed through with official indictments in two
cases -- namely APT3 and APT10 -- filing official charges against APT group members
in November 2017 and December 2018, respectively.
The APT17 dox was published in July 2019, and US authorities might not have had
enough time to gather the necessary evidence for an indictment yet.
Updated on Jan 17, 15:00 ET: In a follow-up blog post, Intrusion Truth formally accused
the Hainan department of the Chinese Ministry of State Security of being behind APT40.