Natto Thoughts

China’s National Research Center for Information Technology Security: Is It Part of the PLA Cyberspace Force?

Under “Two signboards” arrangement, the NITSC offers services to public, Party, government, and military entities, under the guise of a civilian name.

17 hrs ago • Natto Team

3

3

The Tianfu Cup Returns Under MPS Leadership as AI Takes Center Stage

After a two-year hiatus, the Tianfu Cup returns under MPS lead, combining AI-assisted vulnerability discovery and exploitation, a new competition track…

Feb 11 • Eugenio Benincasa

5

6

January 2026

Provincial Tasking, Cross-Provincial Execution: A Case-Based Look at How China Scales Cyber Operations

How decentralized MSS and MPS tasking and market-enabled, cross-provincial execution by commercial firms shape the scale of China’s cyber operations

Jan 28 • Eugenio Benincasa

8

5

China’s 2025 Top 20 Cybersecurity Companies: Which “Dark Horses” Will Emerge to Prominence in 2026?

Annual ranking reveals hyper-competitive, innovation-focused top performers – some familiar and some not so well known, with extensive government ties

Jan 14 • Natto Team

4

3

A Look Back at the Top 5 Natto Thoughts Reports in 2025

From attack–defense thinking to vulnerability research and exposed threat actors, we explored key aspects of China’s cyber ecosystem

Jan 6 • Natto Team

6

2

December 2025

The Many Arms of the MSS: Why Provincial Bureaus Matter in China’s Cyber Operations

Provincial bureaus of the Chinese Ministry of State Security likely operate with their own tasking priorities, resources, and local ecosystems for cyber…

Dec 16, 2025 • Eugenio Benincasa and Natto Team

15

2

8

Knownsec: The King of Vulnerability Missed Three Vulnerabilities of Its Own

The leak incident involving Chinese cybersecurity firm Knownsec shows the company’s seemingly transparent crisis management strategy and underscores its…

Dec 3, 2025 • Natto Team

4

4

November 2025

China’s Cybersecurity Companies Advancing Offensive Cyber Capabilities Through Attack-Defense Labs

Private-sector attack-defense labs form a core pillar of how China builds, sustains, and operationalizes cyber capability for commercial purposes and…

Nov 19, 2025 • Eugenio Benincasa and Natto Team

14

4

7

A Researcher Came Knocking, and Taught China a Lesson in How to Manage Vulnerabilities -- and Researchers

A TCL TV vulnerability disclosure drove home the message: to protect its economic and political clout, China must heed global vulnerability researchers…

Nov 5, 2025 • Natto Team

10

4

October 2025

Beyond the Aliases: Decoding Chinese Threat Group Attribution and the Human Factor

Examining the overlap between APT27, HAFNIUM, and Silk Typhoon through recent U.S. government disclosures, and why understanding the humans behind the…

Oct 22, 2025 • Natto Team

7

3

China’s Vulnerability Research: What’s Different Now?

China’s bug-hunting scene is maturing - more players, bigger prizes, tighter structure, and a growing focus on domestic products, driven by profit…

Oct 8, 2025 • Eugenio Benincasa and Natto Team

20

4

September 2025

Who is Salt Typhoon Really? Unraveling the Attribution Challenge

How overlapping APT groups and Chinese companies complicate attribution in state cyber operations

Sep 24, 2025 • Natto Team

8

1

4