Natto Thoughts: Name-and-Shame

Wars without Gun Smoke: China Plays the Cyber Name-and-Shame Game on Taiwan and the U.S.

Eugenio Benincasa — Wed, 16 Apr 2025 16:01:16 GMT

On March 13, 2025, Taiwan’s president Lai Ching-te declared that China was a “foreign hostile force” exploiting Taiwan’s freedoms to “divide, destroy, and subvert us from within” and introduced 17 major strategies to respond to threats from China against Taiwan. Four days later, on March 17, 2025, the Chinese Ministry of State Security (MSS), posting on its public account on Chinese messaging app WeChat, named four Taiwan citizens who allegedly are members of Taiwan’s Information, Communications and Electronic Force Command (ICEFCOM, 國防部资通电軍指揮部)1 “linked to ‘Taiwan independence forces’.” On the same day, three Chinese information security companies, Qi An Xin, Antiy, and DBAPPSecurity (a.k.a. Anheng Information), simultaneously published reports on alleged Taiwan-linked APT group PoisonVine (毒云藤)2 (a.k.a APT-C-01, GreenSpot (绿斑), APT-Q-20). Evidently, this was a coordinated action led by the MSS.

Nearly a month later, on April 15, 2025, the Harbin Public Security Bureau—a regional office…

China Joins the Name-and-Shame Game

Natto Team — Fri, 29 Sep 2023 03:31:11 GMT

Among the various high-profile activities at China’s annual Cybersecurity Week this year, the National Computer Virus Emergency Response Center (CVERC), a “national cyber defense agency of China” and Qihoo 360, one of China’s top cybersecurity companies, claimed to have identified the “true identity” of the US National Security Agency (NSA) personnel responsible for launching a cyberattack against Northwestern Polytechnical University (NPU), a leading Chinese aviation university, when the NPU reported the incident in June 2022, according to Chinese state media outlet Global Times. Global Times cited “relevant sources” who said the real identities of these individuals “will be disclosed through the media in due course.” The CVERC and Qihoo 360 allegedly extracted “multiple samples of the spyware named SecondDate” which was used in the attack and described some of the functionalities of the SecondDate spyware. The report cited “relevant sources” as stating that the investigation involve…

China as a Target of Cyberattacks: What China Says About Who Are in Their Systems

Natto Team — Fri, 04 Aug 2023 03:23:26 GMT

Recent reports from the New York Times, Moscow-based multinational cybersecurity firm Kaspersky, and Microsoft have depicted multiple Chinese advanced persistent threat (APT) groups targeting critical military, government and industrial infrastructure to “establish a permanent channel for data exfiltration”, using sophisticated techniques such as forging tokens for authenticating enterprise accounts. As Chinese APT groups - a term that usually refers to nation state-backed hackers - are keeping defenders busy, foreign APT groups also target China. Qi AN Xin (奇安信)(QAX), a top information security company in China with ties to the Chinese government, published its 2023 Mid-year Global APT Report (全球高级持续性威胁(APT)2023年中报告) in Chinese in July. The QAX report used data from QAX’s own Threat Intelligence Center (TIC) and from 177 publicly available APT reports. The report enumerates the top APT groups QAX has seen targeting Chinese organizations during the first six months of 2023, as well …