i-SOON Leak: Unanswered Questions and What Now?
Chinese hackers’ lax operations security; why Chinese officials have to rely on contractors; why i-SOON might not fear blowback from the leak; and how the name-and-shame strategy seems to be failing.
It has been over a month since the massive leak of i-SOON, a Chinese information security company, revealed the operations of China’s hacker-for-hire industry. We have seen many insightful reports about the i-SOON leak, analyzing i-SOON’s commercial offering; diving deeply into i-SOON’s company culture, “fueled by influence, alcohol and sex”; and utilizing analysis of competing hypotheses (ACH) to assess who was responsible for the i-SOON leak. However, there are still many unanswered questions related to the leak and what it all means in terms of understanding Chinese threat groups, conducting threat analysis and preventing or mitigating future attacks. While the Natto Team has received many inquiries from the media and discussed the leak with experts from the industry, we would like to present these unanswered questions and our think-out-loud Natto Thoughts for the community to explore further.
Operations Security
Why do i-SOON and similar companies …


