APT-hunting group claims China's Security Ministry is behind APT17

News by Robert Abel

Intrusion Truth has named three individuals as members of cyber-espionage group APT17, all of whom are located in the city of Jinan, the capital of China's Shandong province.

Researchers at Intrusion Truth are claiming the cyber-espionage group APT17 is operated by the Jinan bureau of the Chinese Ministry of State Security (MSS).

Intrusion Truth is an online anonymous group of cyber-security analysts who investigate and expose APT groups linked to the Chinese government.   

APT17 is believed to have been behind a series of attacks conducted earlier this decade against government entities, the defence industry, IT and finance companies, and even law firms in countries across the globe, according to several SC Mediareports.

Now, in a blog post on 24 July, Intrusion Truth revealed details of three individuals who they believe are members of the group, all of whom are located in the city of Jinan, the capital of China’s Shandong province.

One of the members of the group is believed to be an officer of the Chinese Ministry of State Security (MSS) who also runs four Chinese companies; namely, Jinan Quanxin Fangyuan Technology, Jinan Anchuang Information Technology, Jinan Fanglang Information Technology and RealSOI Computer Network Technology.

The other two members are believed to be a representative of the Jinan Fanglang company, and an actor who uses the online profile ‘envymask.’

Intrusion Truth is also noted for revealing the identities of other individuals that it claimed were members of two other Chinese hacking groups, APT3 and APT10, in revelations that eventually lead to DOJ indictments in May 2017 and August 2018.

It is unclear if the most recent revelation will have similar results.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews