Intrusion Truth, an online group of anonymous cyber-security analysts, have doxed another cyber-espionage hacking group linked to the Chinese government.
This is the third Chinese cyber-espionage group (also known as an APT, or advanced persistent threat) that Intrusion Truth has doxed in as many years.
Another year, another Chinese APT dox
Now, Intrusion Truth is back with another series of exposés. Over the past week, the shadowy white-hat group has published details about three individuals it believes are behind APT17.
APT17 is a codename -- together with Deputy Dog and Axiom -- that cyber-security firms have assigned to the group of hackers responsible for a series of similar cyberattacks that happened in the early 2010s [1, 2, 3, 4, 5], and which targeted everything from private companies to government agencies, in countries all over the world.
Intrusion Truth has now doxed a man running four Chinese companies and believed to be an officer of the Chinese Ministry of State Security, along with two hackers [1, 2], both of whom are believed to have worked for the named companies.
The thing the three have in common is their location in the city of Jinan, the capital of China's Shandong province.
According to Intrusion Truth, these three individuals are some of APT17's members, and they are allegedly operating as contractors for the Jinan bureau of the Chinese Ministry of State Security (MSS), for which they carried out on-demand hacking operations.
MSS involvement is not a shocker anymore
Intrusion Truth's assertion that "APT17 is run by the Jinan bureau of the Chinese Ministry of State Security" isn't actually a novel or shocking concept anymore.
In 2017, when Intrusion Truth first made its bold claims that APT3 was a company named Boyusec, a Guangdong contractor for the Chinese Ministry of State Security, the cyber-security world had a hard time believing their claims.
Nevertheless, a few months later, cyber-security firm Recorded Future independently confirmed Intrusion Truth's findings -- which later resulted in DOJ charges, giving the group immense credibility.
At the time, Recorded Future's report described the MSS internal structure, and how the Chinese government was using a network of local MSS branches in major provinces to hire independent contractors to conduct hacking against foreign companies and government networks.
Taking into account these details, Intrusion Truth's latest exposé that APT17 is run by a local MSS bureau isn't such a shocker as it was back in 2017.
After the APT3 and APT10 exposés, people aren't wondering if Intrusion Truth is right anymore. The question on everyone's lips is if the DOJ will follow through with new indictments, as it did in previous years.
A constant hum from Chinese hackers
But while the cyber-security world waits for new charges, Chinese hackers are continuing their hacking sprees, unabated by either past DOJ charges or name-and-shame strategies.
Today, newspapers in France and Germany revealed two massive Chinese hacking operations, which, even if not connected to APT17, show China's incredibly vast cyber-espionage apparatus.
In France, L'Opinion revealed how Chinese hackers broke into the email accounts of a French candidate for the leadership of the UN Organization for Agriculture and Food (FAO) days before the official election, which was eventually won by the Chinese diplomat.
In Germany, journalists revealed a barrage of cyber-attacks aimed at Germany's biggest companies, such as Siemens, Bayer, Roche, Thyssenkrupp, Teamviewer, Valve, Gameforge, and more.