Threat Management, Threat Intelligence, Security Strategy, Plan, Budget

APT-hunting group claims China’s Security Ministry is behind APT17

Researchers at Intrusion Truth are claiming the cyberespionage group APT17 is operated by the Jinan bureau of the Chinese Ministry of State Security (MSS).

Intrusion Truth is an online anonymous group of cybersecurity analysts who investigate and expose APT groups linked to the Chinese government.   

APT17 is believed to have been behind a series of attacks conducted earlier this decade against government entities, the defense industry, IT and finance companies, and even law firms in countries across the globe, according to several SC Media reports.

Now, in a July 24 blog post, Intrusion Truth revealed details of three individuals who they believe are members of the group, all of whom are located in the city of Jinan, the capital of China's Shandong province.

One of the members of the group is believed to be an officer of the Chinese Ministry of State Security (MSS) who also runs four Chinese companies; namely, Jinan Quanxin Fangyuan Technology, Jinan Anchuang Information Technology, Jinan Fanglang Information Technology and RealSOI Computer Network Technology.

The other two members are believed to be a representative of the Jinan Fanglang company, and an actor who uses the online profile 'envymask.'

Intrusion Truth is also noted for revealing the identities of other individuals that it claimed were members of two other Chinese hacking groups, APT3 and APT10, in revelations that eventually lead to DOJ indictments in May 2017 and August 2018.

It is unclear if the most recent revelation will have similar results. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.