Hackers vs. hackers. Intrusion Truth Group de-anonymized Chinese APT17 Members

The anonymous group Intrusion Truth continues to de-anonymize Chinese “government hackers.” Recently, data on the alleged members of APT17 were made public.

This is the third time Intrusion Truth has published its revelations and de-anonymized participants of Chinese cyber-spy groups.

In 2018, personal data of three PRC citizens, who allegedly were members of APT10 and worked for the Ministry of State Security of the PRC, were made public. Even earlier, in 2017, several members of APT3 were doxed.

Interestingly, each time, soon after the publication, the US Department of Justice charged several members of these cyber espionage groups.

Now Intrusion Truth has published information about three individuals who are allegedly related to the APT17 group (also known as DeputyDog, Tailgater Team, Hidden Lynx, Voho, Group 72 and AuroraPanda). This group is known for a series of cyberattacks, most of which took place in the early 2010s. The hackers' targets ranged from private companies to government agencies around the world.

It is also worth recalling that APT17 is associated with the compromise of the CCleaner application, which occurred in 2017.

The new Intrusion Truth data concerns a person who manages four Chinese companies and who is allegedly an officer in the Ministry of State Security of China.

“We discovered two IT Security Companies based in Jinan, affiliated with a Chinese individual who studied Information Security to Masters level. Our source claims that individual is an active MSS Officer involved in Cyber operations. One of the companies appears to have some sort of healthcare company front, whilst simultaneously claiming to be an SSSD InfoSec contractor. And employees use alias names on QQ when dealing with Antorsoft”, Intrusion Truth reports.

Intrusion Truth also revealed the names of two more hackers who worked for these companies. All of the companies are based in Jinan City, the capital of Shandong Province.

In 2017, when Intrusion Truth first announced that APT3 was hiding under the banner of Boyusec (a contractor of the Ministry of National Security of China), it was hard for many to believe. However, analysts from Recorded Future soon confirmed the findings of the anonymous whistleblowers, and then the Ministry of Justice filed charges.

Nowadays, a possible connection between APT17 and the Chinese authorities is unlikely to surprise anyone. Instead, the information security community is wondering whether the Ministry of Justice will follow up with charges, as it has done in previous years.

About the author

Sophia Zimmerman

High-quality tech & computer security copywriter, SEO editor & online marketing consultant
