‘Intrusion Truth’, The Mysterious Group Doxxing China’s Hacking Army

An anonymous group calling itself Intrusion Truth has exposed members of APT10, an elite Chinese hacking unit that has targeted aerospace, engineering, and manufacturing firms to steal trade secrets, including from the US government.

Since mid-summer, Intrusion Truth has published a list of alleged names of individual APT10 hackers. Sources with knowledge of APT10’s operations told Motherboard some of the details in Intrusion Truth’s blog posts and tweets match other data points on the Chinese group.

Intrusion Truth’s controversial approach of anonymously unmasking government-backed hackers and exposing a foreign intelligence agency is new, and it is seen as a way to put pressure on Chinese companies cooperating with state-sponsored hacking efforts.

“We will work with companies, private analysts, hackers, governments—whoever can provide the data that we need,” a spokesperson of Intrusion Truth told Motherboard via email.

China has hacked its way to the second largest economy in the world. It has stolen other nations’ manufacturing secrets for years, stealing military fighter jet schematics and information on solar power, among other industrial secrets. The hacking became so bad that former President Obama brokered a deal with Chinese President Xi. In 2015, the two countries reached an agreement to stop hacking focused on the theft of intellectual property. However, the deal did not last long, as China stole 614 gigabytes of submarine secrets from a US Navy contractor earlier this year.

For years, US officials and security analysts have linked Chinese hackers to government-backed hacks into US firms. China has since denied involvement in the hacks.

Intrusion Truth’s anonymity might be a clue to its identity. Some large corporations and security companies that employ researchers who track China’s hackers might be hesitant to release findings out of concern about retaliation from China’s government, said Ben Read, who manages cyberespionage investigations at FireEye Inc.

On Thursday morning, Bloomberg reported a massive new hack: China used tiny microchips on computer motherboards to gain access to the technology supply chains of almost 30 US companies, including Amazon and Apple.

This is the type of widespread industrial espionage that Intrusion Truth opposes.

“Intellectual property theft is a global confrontation fought between the West and its online adversaries, mainly China. This theft damages hard-working individuals, their companies and entire economies through lost revenue and competition that is completely unfair,” Intrusion Truth told Motherboard.

“Until recently, China has been winning—it has acted with impunity, stealing data using commercial hackers that it pays and tasks but later claims are criminals. The use of commercial hackers is a deliberate attempt to circumvent the statements that China has made committing to stop this illegal activity,” the group added.

In a first, Intrusion Truth unmasked individual alleged Chinese hackers, posted photographs, and even showed their places of work through Uber receipts. There was even evidence that some hackers were traveling to buildings operated by China’s intelligence agency.

Thomas Rid, a professor at Johns Hopkins University, told Motherboard that this kind of internet sleuthing is advanced, and that the language skills, tools and research abilities needed to pull off something like this are those of a professional.

“It’s somebody who is professional,” he said, “somebody who knows what they’re doing.”

According to one theory, the group may work for a corporate victim of Chinese hackers.

Intrusion Truth has posted 40 tweets to Twitter dating back to April 2017 and more than a dozen articles to the blog site Medium over the past year. In them is evidence linking Chinese companies to a suspected China-backed hacking group known as APT 3 and another known as APT 10, or Stone Panda, giving the public an understanding of the continued threat of Chinese hacking.

“APT 10 is one of the most active groups we track,” said Mr. Read. The group has hacked multinationals from Japan, Europe, and the US.

Intrusion Truth focused on several Chinese companies, alleging they are connected to government-backed hacking programs.

“We are focusing our efforts on determining whether these are just ‘companies that hack,’ or would they be better described as fronts enabling the Chinese state to employ hackers who can later be scapegoated as criminals?” Intrusion Truth tweeted in August.

Last year, Intrusion Truth said two employees of Guangdong Bo Yu Information Technology Co. were part of APT 3. Six months later, US officials indicted the men—Wu Yingzhuo and Dong Hao—saying they were involved in hacking Moody’s Analytics and Siemens AG.

Intrusion Truth also linked internet domains and email addresses associated with websites used by APT 10 to two other Chinese companies, Tianjin Huaying Haitai Science and Technology Development Co. and Laoying Baichaun Instruments Equipment Co.

“We will never name ourselves or those who work with us. Our ability to contest China’s despicable activities in Cyberspace is derived precisely from our anonymity,” Intrusion Truth concluded. “That, and our willingness to tell the whole truth.”

On top of the tit-for-tat exchanges between the US and China on economic, political and military fronts, it now seems the battlefield is expanding to cyberspace, as a group of anonymous hackers (most likely tied to corporate America) has launched a counterattack deep within China, exposing a massive cyberespionage ring that has stolen countless secrets from manufacturing, aerospace, and engineering firms over the years.