Natto Thoughts: Contractors & Cutouts

Sichuan Silence Information Technology: Great Sounds are Often Inaudible

Natto Team — Wed, 04 Dec 2024 17:03:04 GMT

Update 12/10/2024: On December 10, 2024, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Sichuan Silence Information Technology company, and one of its employees, Guan Tianfeng, for involvement in compromise of firewall products and attempted ransomware attacks; the US Department of Justice unsealed an indictment on Guan; and the State Department announced a Rewards for Justice reward of up to $10 million for information on Guan, Sichuan Silence, associated individuals or entities, or their malicious cyber activity .

For five long years, Sophos, a United Kingdom (UK)-based information security company, battled Chinese nation-state threat actors who lobbed “botnets, novel exploits, and bespoke malware” against the company’s firewalls and other perimeter devices. Sophos described this battle in its October 2024 “Pacific Rim” report series. Many in the industry applauded Sophos for “being so forthcoming about attacks targeting their own products.” Ot…

Flax Typhoon-Linked Company Integrity Technology: a Competitor, Business Partner and Client of i-SOON

Natto Team — Wed, 25 Sep 2024 16:02:50 GMT

On September 18, 2024, US and allied government agencies released a Joint Cyber Security Advisory (joint advisory) announcing the exposure and takedown of a China-linked botnet that had used thousands of compromised routers and Internet of Things (IoT) devices for malicious cyber activity. The joint advisory stated that a Chinese information security company, Integrity Technology Group (Integrity Tech) “has controlled and managed a botnet active since mid-2021….As of June 2024, the botnet consisted of over 260,000 devices,” with victim devices observed in North America, South America, Europe, Africa, Southeast Asia and Australia. The attribution section of the joint advisory stated that Integrity Technology has “links to the PRC government” and that the intrusions and activity linked to the botnet are “consistent with the tactics, techniques, and infrastructure associated with the cyber threat group known publicly as Flax Typhoon, RedJuliett, and Ethereal Panda.” In an unsealed US sea…

Front Company or Real Business in China’s Cyber Operations

Natto Team — Wed, 22 May 2024 16:00:57 GMT

The Natto Team’s previous post about Intrusion Truth questioned the pattern Intrusion Truth identified in Chinese Ministry of State Security (MSS) cyber operations. Intrusion Truth described the pattern thus: “a regional office of the MSS (Ministry of State Security) creates a company, hires a team of hackers and attacks Western targets.” In this telling, the MSS creates a company which is commonly known as a front company. However, the i-SOON leaks confirm Natto Team’s previous assessments that the pattern is more nuanced. The MSS not only creates companies that are purely front companies, but also works with existing companies such as i-SOON, which are real businesses. The Natto Team assesses it is important to distinguish whether entities involved in cyber operations are front companies or real businesses.1 This nuance can help understanding the strategy, scalability, and persistency of China’s state-sponsored cyber operations.

Source: Natto Thoughts

Front Company Definition

According …