25 July 2019

APT-doxing group revealed identities of alleged hackers behind Chinese-linked APT17 cyber-espionage outfit

In its latest series of exposés, the anonymous white-hat group Intrusion Truth has revealed the secret identities of individuals it claims are behind the APT17 cyber-espionage group. APT17 (also known as Deputy Dog and Axiom) is a China-based hacking group thought to be responsible for multiple cyberattacks against various organizations all over the world, from private companies to government entities.

According to Intrusion Truth, one of the members is a man called Guo Lin, who is believed to be an officer of the Chinese Ministry of State Security (MSS). He also appears to have links to four Chinese tech companies: Jinan Quanxin Fangyuan Technology, Jinan Anchuang Information Technology, Jinan Fanglang Information Technology and RealSOI Computer Network Technology.

According to Intrusion Truth, two other members of APT17 are Wang Qingwei and Zeng Xiaoyong. Wang Qingwei is a representative of the Jinan Fanglang company, while Zeng Xiaoyong goes online under the alias “envymask”, is a well-known member of Chinese hacking circles and is a member of the ph4nt0m group, Intrusion Truth claims.

All three of the above-mentioned individuals live in the city of Jinan, the capital of Shandong province, and supposedly work as contractors for the Jinan bureau of the MSS, conducting hacking operations on its behalf.

This is not the first time the APT-doxing group has exposed the identities of members of various hacking groups. In May 2017 and August 2018, Intrusion Truth identified several hackers involved in cyber operations carried out by the Chinese-linked APT groups APT10 (Cloud Hopper) and APT3.

 
