In the summer of 2005, Tan Dailin was a 20-year-old grad student at Sichuan University of Science and Engineering when he came to the attention of the People’s Liberation Army of China.
Tan was part of a burgeoning hacker community known as the Honkers—teens and twentysomethings in late-’90s and early-’00s China who formed groups like the Green Army and Evil Octal and launched patriotic cyberattacks against Western targets they deemed disrespectful to China. The attacks were low-sophistication—mostly website defacements and denial-of-service operations targeting entities in the US, Taiwan, and Japan—but the Honkers advanced their skills over time, and Tan documented his escapades in blog posts. After publishing about hacking targets in Japan, the PLA came calling.
The subsequent timeline of events is unclear, but Tan, who went by the hacker handles Wicked Rose and Withered Rose, then launched his own hacking group—the Network Crack Program Hacker (NCPH). The group quickly gained notoriety for winning hacking contests and developing hacking tools. They created the GinWui rootkit, one of China’s first homegrown remote-access backdoors and then, experts believe, used it and dozens of zero-day exploits they wrote in a series of “unprecedented” hacks against US companies and government entities over the spring and summer of 2006. They did this on behalf of the PLA, according to Adam Kozy, who tracked Tan and other Chinese hackers for years as a former FBI analyst who now heads the SinaCyber consulting firm, focused on China.
Tan revealed online at the time that he and his team were being paid about $250 a month for their hacking, though he didn’t say who paid or what they hacked. The pay increased to $1,000 a month after their summer hacking spree, according to a 2007 report by former threat intelligence firm VeriSign iDefense.
At some point, Tan switched teams and began contracting for the Ministry of State Security (MSS), China’s civilian intelligence agency, as part of its notorious hacking group known as APT 41. And in 2020, when Tan was 36, the US Justice Department announced indictments against him and other alleged APT 41 members for hacking more than 100 targets, including US government systems, health care organizations, and telecoms.
Tan’s path to APT 41 isn’t unique. He’s just one of many former Honkers who began their careers as self-directed patriotic hackers before being absorbed by the state into its massive spying apparatus.
Not a lot has been written about the Honkers and their critical role in China’s APT operations, outside of congressional testimony Kozy gave in 2022. But a new report, published this month by Eugenio Benincasa, senior cyberdefense researcher at the Center for Security Studies at ETH Zürich university in Switzerland, expands on Kozy’s work to track the Honkers’ early days and how this group of skilled youths became some of China’s most prolific cyberspies.
“This is not just about [Honkers] creating a hacker culture that was implicitly aligned with national security goals,” Benincasa says, “but also the personal relations they created [that] we still see reflected in the APTs today.”
Early Days
The Honker community largely began when China joined the internet in 1994, and a network connecting universities and research centers across the country for knowledge-sharing put Chinese students online before the rest of the country. Like US hackers, the Honkers were self-taught tech enthusiasts who flocked to electronic bulletin boards (dial-up forums) to share programming and computer hacking tips. They soon formed groups like Xfocus, China Eagle Union, and The Honker Union of China and came to be known as Red Hackers or Honkers, a name derived from the Mandarin word “hong,” for red, and “heike,” for dark visitor—the Chinese term for hacker.
The European Commission is making available €145.5 million to empower small and medium-sized enterprises and public administrations in deploying cybersecurity solutions and adopting the results of cybersecurity research.
For this purpose, the European Cybersecurity Competence has launched two calls for proposals.
The first call is part of the Digital Europe Programme, with a budget of €55 million. €30 million of this amount will enhance the cybersecurity of hospitals and healthcare providers, helping them detect, monitor, and respond to cyber threats, particularly ransomware. This will boost the resilience of the European healthcare system, especially in the current geopolitical context, aligning with the EU action plan on cybersecurity in hospitals and healthcare.
The second call, under Horizon Europe Programme, has a budget of around €90.5 million. It will support the use and development of generative AI for cybersecurity applications, new advanced tools and processes for operational cybersecurity, and privacy-enhancing technologies as well as post-quantum cryptography.
The deadline for applications to the first call is 7 October, and for the second, it is 12 November. Both calls for proposals are managed by the European Cybersecurity Competence. The eligibility criteria and all relevant call documents are available on the Funding and Tenders portal.
Related topics
Cybersecurity Artificial intelligence Digital Europe Programme Funding for Digital Horizon Europe
Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers.
As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability. This fundamental asymmetry has made securing systems extremely difficult, time consuming and error prone. AI-powered cybersecurity workflows have the potential to help shift the balance back to the defenders by force multiplying cybersecurity professionals like never before.
Are you willing to hack and take control of Chinese websites for a random person for up to $100,000 a month?
Someone is making precisely that tantalizing, bizarre, and clearly sketchy job offer. The person is using what looks like a series of fake accounts with avatars displaying photos of attractive women and sliding into the direct messages of several cybersecurity professionals and researchers on X in the last couple of weeks.
Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery.
The Commission has presented a proposal to ensure an effective and efficient response to large-scale cyber incidents.
The Commission has presented an EU Action Plan to strengthen the cybersecurity of hospitals and healthcare providers. This initiative is a key priority within the first 100 days of the new mandate, aiming to create a safer and more secure environment for patients.
In 2023 alone, EU countries reported 309 significant cybersecurity incidents targeting the healthcare sector – more than any other critical sector. As healthcare providers increasingly use digital health records, the risk of data-related threats continues to rise. Many systems can be affected, including electronic health records, hospital workflow systems, and medical devices. Such threats can compromise patient care and even put lives at risk.
Sophos went so far as to plant surveillance “implants” on its own devices to catch the hackers at work—and in doing so, revealed a glimpse into China's R&D pipeline of intrusion techniques.
Ukrainian hackers carried out a cyberattack that took down online broadcasts of Russian state television and radio channels on Monday, according to an official in Kyiv with knowledge of the operation.
#A #Dmitry #Emerging #Europe #Infrastructure #Markets #Media #Peskov #Putin #Radio #Russia #Ukraine #Vladimir #business #cybersecni #cybersecurity #politics #technology
Overview While investigating CVE-2024-5932, a code injection vulnerability in the GiveWP WordPress plugin, our team encountered a malicious Proof of Concept (POC) targeting cybersecurity professionals. This has become a growing threat to cybersecurity professionals from […]
APT42, which is believed to work for Iran’s Revolutionary Guard Corps, targeted about a dozen people associated with both Trump’s and Biden’s campaigns this spring, according to Google’s Threat Analysis Group.
Please don’t, actually. But do update your Shimano Di2 shifters’ software to prevent a new radio-based form of cycling sabotage.
#bicycles #cyberattacks #cybersecurity #cycling #fitness #hacks #security
EU Member States, with the support of the European Commission and ENISA, the EU Agency for Cybersecurity, published the first report on the cybersecurity and resilience of Europe’s telecommunications and electricity sectors.
A cohort of Russian-speaking hackers is demanding $50 million from a UK lab-services provider to end a ransomware attack that has paralyzed services at London hospitals for weeks, according to a representative for the group.
#Britain #Cancer #Ciaran #Europe #Government #Great #HEALTH #Kingdom #London #Martin #NATIONAL #Regulation #SERVICE #United #business #cybersecni #cybersecurity #technology
The report shares statistics and observations from incident response practice in 2023, analyzes trends and gives cybersecurity recommendations.
#Cybersecurity #Incident #Internal #LockBit #Ransomware #Security #Statistics #Threats #response #services
Hackers linked to Beijing’s security services targeted European politicians to gather sensitive data.
Sources suspect China is behind the targeted exploitation of two zero-day vulnerabilities in Cisco’s security appliances.
Microsoft has stumbled through a series of major cybersecurity failures over the past few years. Experts say the US government’s reliance on its systems means the company continues to get a free pass.
Officials handling security and defense issues were the target of phone hacking, internal email says.
