China (APT 40): Reports from two researchers calling themselves Intrusion Truth state that they have found evidence to link APT40 and other Chinese APT activity to job postings that are a front for companies to hire hackers. While looking through companies identified in the Hainan province, 13 of them had recruiting advertisements for penetration testers. Each company had a similar job description and the fact that the skills-seeking section was more on the aggressive end than the defensive end that would commonly be seen. Furthermore, the researchers managed to link a professor in the Information Security Department to the companies, and job descriptions with one of the front companies are based out of the library at the Hainan University where he works. The professor that was linked to the group’s recruitment is a former member of China’s military.
Analyst Notes
Intrusion Truth has been credible in the past–even helping the United States gather evidence to carry out indictments on two different occasions against Chinese APTs. APT40 has operated out of the Hainan province, based on previous research. This link of APT40 to the professor and the job descriptions could stall operations for APT40 while they attempt to stay out of the spotlight.
Full research from Intrusion Truth can be found in the following blog posts: https://intrusiontruth.wordpress.com/2020/01/09/what-is-the-hainan-xiandun-technology-development-company/–https://intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu/
