Perspective: Latest “Intrusion Truth” Data Dump Peels Back Layers on Chinese Front Companies

Published 15 January 2020

Intrusion Truth, the anonymous group which gained a name for itself by publishing detailed blog posts about suspected nation-state hackers, released new information last Thursday detailing how Chinese technology companies are recruiting attackers working on Beijing’s behalf.

Jeff Stone writes in Cyberscoop that

By identifying job postings seeking offensive cybersecurity skills, the group wrote, they found a number of companies in Hainan, a province in South China, all using the same language in their advertisements. Some of those companies have only a small web presence outside the job ads seeking offensive-minded computer specialists, suggesting to Intrusion Truth that employers actually are trying to recruit hackers for advanced persistent threat groups.

“We know that these companies are a front for APT activity,” states the blog post published Thursday.

This blog post is the first from Intrusion Truth since July 2019, when the group reported that a Chinese APT had offered to sell stolen data. Intrusion Truth emerged in April 2017 and, since then, intermittently has gone public with information purportedly exposing Chinese state-sponsored hacking efforts.

Stone writes that security researchers suggested that the data Intrusion Truth dumped was associated with APT40, a Chinese espionage group that FireEye says stole information from the U.S. Navy, among other targets.

The group’s hacking victims are consistent with China’s geopolitical interests, and “there are multiple technical artifacts” indicating it is based in China, FireEye noted in a March 2019 report. For instance, researchers uncovered a file that included an IP address based in Hainan, China, that “had been used to administer the command and control node that was communicating with malware on victim machines.”