The anonymous grouping of Intrusion Truth continues to deanonymize Chinese “government hackers.” This time, the data on the alleged members of APT17 were made public.
Hacker Wars: Deanonimization of Government Cyber Specialists
This is the third time Intrusion Truth publishes its revelations and deanonymizes the participants of Chinese cyberspy groups. Thus, in 2018, the personal data of three citizens of the PRC, who allegedly were members of APT10 and worked for the Ministry of State Security of the PRC, were made public. And even earlier, in 2017, several members of APT3 were subjected to doxing. Interestingly, each time shortly after the publication of publications, the US Department of Justice charged several members of these cyber espionage groups.
Evidence of Government Involvement
Now Intrusion Truth has published information about three individuals who are allegedly related to the APT17 group (it’s also DeputyDog, Tailgater Team, Hidden Lynx, Voho, Group 72 and AuroraPanda). This group is known for a series of cyber attacks, mostly taking place in the early 2010s. Then, hacker targets were everything from private companies to government agencies in countries around the world. I also remind you that it is APT17 that is associated with the compromise of the CCleaner application that occurred in 2017.
The new Intrusion Truth data concerns a person who manages four Chinese companies who are allegedly officers of the Ministry of State Security of China, as well as two more hackers who worked for these companies. All of them are based in Jinan City, the capital of Shandong Province.
In 2017, when Intrusion Truth first announced that APT3 was hiding under the banner of Boyusec (contractor of the Ministry of National Security of China), it was hard for many to believe. But soon the findings of anonymous whistleblowers were confirmed by analysts from the company Recorded Future, and then the Ministry of Justice filed accusations. At this time, the possible connection between APT17 and the Chinese authorities is unlikely to surprise anyone. Now, the information security community is rather wondering whether the Ministry of Justice will follow the charges as it has done in previous years.