i-SOON Toolkit: What is “TZ”?
Network investigation and reconnaissance work is so critical for the Chinese Public Security bureaus that it needs a code name, “TZ.”
The Natto Team and many other cyber threat intelligence (CTI) analysts have seized the rare opportunity presented by the leak of Chinese hacker-for-hire company i-SOON’s internal messages. The leaked materials allow us to cross-examine past research findings; explore threat actors’ tactics, techniques and procedures (TTPs); and probe the motivations and intents of Chinese threat actors. The Natto Team has found one aspect of the i-SOON leaked documents that has not been discussed much. This is “TZ”, two letters in the Latin alphabet, likely an acronym. It appears more than 80 times across the over 570 leaked documents, including chat logs, product marketing white papers, compromised data samples, screenshots and images. What does TZ stand for? Interestingly, no explanation can be found in the documents. Even i-SOON’s product marketing white paper, Integrated Combat Platform (一体化作战平台), mentioned TZ 17 times, but it did not explain what TZ stood for or meant. It sounds as if TZ was a c…


