Natto Thoughts

i-SOON Toolkit: What is “TZ”?

Network investigation and reconnaissance work is so critical for the Chinese Public Security bureaus that it needs a code name, “TZ.”

Natto Team
Apr 24, 2024

The Natto Team and many other cyber threat intelligence (CTI) analysts have seized the rare opportunity presented by the leak of Chinese hacker-for-hire company i-SOON’s internal messages. The leaked materials allow us to cross-examine past research findings; explore threat actors’ tactics, techniques and procedures (TTPs); and probe the motivations and intents of Chinese threat actors. The Natto Team has found one aspect of the i-SOON leaked documents that has not been discussed much. This is “TZ”, two letters in the Latin alphabet, likely an acronym. It appears more than 80 times across the over 570 leaked documents, including chat logs, product marketing white papers, compromised data samples, screenshots and images. What does TZ stand for? Interestingly, no explanation can be found in the documents. Even i-SOON’s product marketing whitepaper, Integrated Combat Platform (一体化作战平台), mentioned TZ 17 times, but it did not explain what TZ stood for or meant. It sounds as if TZ was a c…
