Our last article left you on a cliff edge. What did we find on the dark web which proved so illuminating? 

Well, it would seem things at Wuhan Xiaoruizhi are not all well.

We found a post, later redacted and then lost with the downfall of BreachForums, from someone who claimed to be a representative of a disaffected hacker selling the identities of 100 of their colleagues from an ‘elite hacking team’ in Wuhan.

The poster goes on to claim that Wuhan Xiaoruizhi was a cover company for MSS hacking activity in Wuhan. The company had a few teams working for the MSS, but in 2020, teams started working under new companies.  

These are some astonishing claims, but at team Intrusion Truth we are nothing if not diligent and wanted to get to the bottom of this ourselves. Could we also link Wuhan Xiaoruizhi to the MSS? Could we link it to an APT? 

One thing was for sure, Wuhan Xiaoruizhi deserved more of our attention. We searched far and wide for months to gather more information on who works or has worked there. Inspired by our success with Xiong Wang’s insurance record, we decided to widen the net. After months of effort, we found the gem we had been waiting for: the social insurance records for Wuhan Xiaoruizhi. 

To spare the reader endless documents, we have collated as many names as we can find of people who have worked at Wuhan Xiaoruizhi:

| Chinese | Pinyin |
| --- | --- |
| 曹锦芳 | Cao Jinfang |
| 常振 | Chang Zhen |
| 程鼎 | Cheng Ding |
| 程锋 | Cheng Feng |
| 顾成武 | Gu Chengwu |
| 侯强 | Hou Qiang |
| 胡嘉祥 | Hu Jiaxiang |
| 黄增辉 | Huang Zenghui |
| 黄震 | Huang Zhen |
| 黄振 | Huang Zhen |
| 李海青 | Li Haiqing |
| 李家诚 | Li Jiacheng |
| 李圣胜 | Li Shengsheng |
| 李义龙 | Li Yilong |
| 廖绪良 | Liao Xuliang |
| 刘晨成 | Liu Chencheng |
| 刘宏伟 | Liu Hongwei |
| 马欢 | Ma Huan |
| 唐星昭 | Tang Xingzhao |
| 涂梦 | Tu Meng |
| 万光灿 | Wan Guangcan |
| 王意军 | Wang Yijun |
| 魏耀斌 | Wei Yaobin |
| 熊旺 | Xiong Wang |
| 鄢文龙 | Yan Wenlong |
| 杨鑫 | Yang Xin |
| 苑红曦 | Yuan Hongxi |
| 张超锋 | Zhang Chaofeng |
| 张立业 | Zhang Liye |
| 赵光宗 | Zhao Guangzong |
| 周鑫 | Zhou Xin |
| 左鹤群 | Zuo Hequn |

And here are some examples of the documents which form the basis of this list: 

Cheng Ding insurance record

Zhao Guangzong insurance record

Zhang Chaofeng insurance record

Xiong Wang insurance record 

You might recognize some of the names on the larger list: 黄振 AKA Huang Zhen, 黄震 AKA Huang Zhen, and 李义龙 Li Yilong were also satisfied customers from Kerui Cracking Academy from Article 2. Don’t you just love it when things come full circle? Could it be that the ‘undisclosed private company working supporting the government’ Li Yilong claimed to work at is none other than Wuhan Xiaoruizhi itself? Could Kerui be a pipeline into Xiaoruizhi? 

Beyond getting reacquainted with our old friends above, this list of employees provided a number of interesting leads. But one of the names cracked our case wide open. Meet Cheng Feng. 

Article Link: Trouble in Paradise  – Intrusion Truth
