An introduction to the Chinese-language underground

Chinese-speaking hacking activity is on the rise. In April, Kaspersky Lab revealed a rising number of APT operations and new threat actors in the region; earlier this month, an ongoing campaign targeting a national data center in Central Asia was attributed to Chinese-speaking LuckyMouse; and new research from Symantec last week uncovered a Chinese-linked hacking group targeting US-based satellite companies.

Following on from our feature on the threat of the Spanish-language underground earlier this month, we talk to Mark Schaefer, an analyst on Flashpoint’s Asia-Pacific team, about what CSOs need to know about the threat from Chinese-language threat actors.


Can you explain how the Chinese-language cybercriminal underground differs from other communities?

The most striking difference that we have observed between the Chinese-language underground and other communities is that the former is much more dispersed. Chinese actors are not as reliant on traditional web forums; their places of congregation and methods of communication are fluid and dynamic. Chinese threat actors often rely on legitimate services offered to them within China (QQ, WeChat, Taobao, Baidu, Tieba, etc.) for communication because these platforms are ubiquitous in China, making communicating with other actors and finding resources convenient. At the same time, Chinese actors pivot across multiple chat rooms and threads among these platforms.



Kate Hoy

Kate Hoy is Editor of IDG Connect
