All roads lead back to Wuhan… Xiaoruizhi Science and Technology Company

As our readers know from our investigation into Hainan Xiandun Technology Development Company, the Intrusion Truth team have become quite adept at spotting a fishy front company when we see one. 

Typically, these are ‘companies’ with a generic-sounding ‘technology’ name and a minimal online presence. They often post adverts on university websites looking for graduates with offensive cyber skills and, very importantly, foreign language expertise. The language of the adverts is vague, and often recycled from other, similar adverts posted online. The front companies provide contact details which just don’t seem to add up – such as numbers shared by other businesses. So, when we began investigating Wuhan Xiaoruizhi Science and Technology Company, it soon became clear that we were onto a winner. 

We started with a 2017 job advert posted by the School of Computer and Information Engineering, Hubei University. 

Looking for a number of software and system development engineers, Wuhan Xiaoruizhi describes itself as working in the ‘network security field’, and being vaguely located ‘near Wuhan Optics Valley’. Prospective applicants should be proficient in C and C++, scripting languages such as Python, JavaScript and PHP, as well as IDA and OD. They should be familiar with automated testing processes and web frameworks. Oh, and they must be au fait with vulnerability mining. In fact, vulnerability mining is so important to Wuhan Xiaoruizhi that, in this small university flyer, it is mentioned no less than three times.

A further search of Wuhan Xiaoruizhi reveals another advert posted on a university jobs site – the College of Foreign Languages at Huazhong Agricultural University. This time, Xiaoruizhi is looking for English majors to become analysts who will be responsible for ‘information collection, processing and text editing’ in Chinese and English. 

Xiaoruizhi gives us an introduction to the company, which is committed to providing ‘information processing, industry research and big data analysis’ for customers, which include ‘relevant government departments’. We also get to know more about the company’s ‘ethical research and consulting team’, ‘win-win approach’ and its ‘concept of integrity-based innovation’. Only the company isn’t that innovative – nor does it have much integrity: such wording appears to be a word-for-word copy of a description from another company’s job advert in Shenzhen. Shenzhen Prothinker Consulting.

Shenzhen Prothinker

So what is it about Shenzhen Prothinker Consulting that got Wuhan Xiaoruizhi so inspired? Well, funnily enough, Shenzhen Prothinker was also on the lookout for English speakers with interests in politics, and graduates with computer-related majors. Hmm. Unfortunately, the website for Prothinker is now defunct. However, there is still some information out there on Baidu about the company. The legal representative of Shenzhen Prothinker was a Huang Ruohang, and the address for the company is listed as Room 2511, 25th Floor, Oriental Science and Technology Building, Science and Technology Park, Yuehai Street, Nanshan District, Shenzhen.

A search for “Huang Ruohang” (Chinese characters given below) showed that Huang Ruohang was also listed as the executive director for Shenzhen Zhongan Domain Technology Company. And as ‘coincidences’ would have it, Shenzhen Zhongan Domain Technology Company was also once located on the 25th Floor of the Oriental Science and Technology Building in Nanshan District, Shenzhen.

Shenzhen Zhongan Domain Technology Company also appears to be known, according to its branding, as ZIONSEC. ZIONSEC describes itself as providing ‘advanced solutions for national security issues such as national defense and intelligence’ to ‘help the dream of a powerful country’.

Sounds…suspicious. 

Let’s park the shenanigans in Shenzhen for now and return to Wuhan. Who actually works at the Xiaoruizhi Science and Technology Company and what do they do? Unfortunately, this technology company doesn’t have its own website, but we do have the name of the manager, Deng Zhiyong. 

Deng is an interesting character. Aside from holding official titles at no less than three (!) government-affiliated organizations (Director of the Foreign Exchange Center, Ministry of Science and Technology China; Director of the Hubei Wuhan China/Russian Technologic Cooperation Center; Chief of Department of Steelworks Management Administration, Dongxi, Wuhan), our friend Deng also seems to have a thing for Russian lasers.

We will return to this in a later article. It’s a wild ride. 

A phone number which seems to be linked to Mr. Deng also seems to be used by both a construction company and a ‘business information consulting company’. Quite the diverse business empire. 

So, to summarize, we have a sketchy-looking company in Wuhan looking for vulnerability-miners and foreign language experts and linked to a phone number shared between many businesses. Lacking some imagination, the company decides to borrow language used by another sketchy-looking company in Shenzhen, which in turn appears to have some quite considerable overlap with an info-sec company dedicated to national defense and intelligence work. We also have government clients, a CEO with official PRC government titles, and a bonus link to a shifty hacking school. 

You know the drill by now. If it walks like a duck and quacks like a duck…. (should we get that printed on merch?).

Beyond this, Wuhan Xiaoruizhi hasn’t given us much to go on. So, it was time to take our search to the dark web. 

Bingo. 

Article Link: All roads lead back to Wuhan… Xiaoruizhi Science and Technology Company – Intrusion Truth
