A group of cyber security analysts, Intrusion Truth, has found its fourth Chinese state-sponsored hacking operation, APT40.
“APT groups in China have a common blueprint: contract hackers and specialists, front companies, and an intelligence officer,” the Intrusion Truth team said. “We know that multiple areas of China each have their own APT.”
APT stands for Advanced Persistent Threat and is used to describe government-supported and government-sponsored hacking groups.
Intrusion Truth has previously exposed three government-supported APTs: APT3 (believed to operate out of the Guangdong province), APT10 (Tianjin province), and APT17 (Jinan province). They have now doxed APT40, China’s cyber apparatus in the state of Hainan, an island in the South China Sea.
In a blog post, they said they’ve discovered 13 companies that serve as a front for APT activists. These companies use offline details and overlapping contacts, and have no online presence except to recruit cyber experts.
“Looking beyond the linked contact details though, some of the skills that these adverts are seeking are on the aggressive end of the spectrum,” the Intrusion Truth team said.
“While the companies stress that they are committed to information security and cyber-defense, the technical job adverts that they have placed seek skills that would more likely be suitable for red teaming and conducting cyber-attacks,” they further said.
APT40 RECRUITMENT MANAGED BY A PROFESSOR
Intrusion Truth was able to link all of the companies mentioned above to a single person, a professor in the Information Security Department at Hainan University.
One of the 13 companies was even headquartered at the university’s library. This professor was also a former member of China’s military.
“[Name redacted by ZDNet] appeared to manage a network security competition at the university and was reportedly seeking novel ways of cracking passwords, offering large amounts of money to those able to do so,” the anonymous researchers said.
Intrusion Truth are pretty credible and have a good track record; US authorities have investigated two of their three APT exposés.