Eugenio Benincasa

Can’t wait for this :)

When Privileged Access Falls into the Wrong Hands: Chinese Companies in Microsoft’s MAPP Program Chinese companies face conflicting pressures between MAPP’s non-disclosure requirements and domestic policies that incentivize or mandate vulnerability disclosure to the state.

Available here: nattothoughts.substack.com/p/when-privi...

Microsoft is probing whether a MAPP leak let Chinese hackers exploit a SharePoint vuln pre-patch.

In this new piece for Natto,
@dakotaindc.bsky.social, @meidanowski.bsky.social & I dig into:
🏛️ China's vuln reporting rules
📉 Which firms joined/left MAPP since 2018
⚠️ The risks today’s members pose

Microsoft Probing If Chinese Hackers Learned of Flaws Via Alert Microsoft Corp. is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, acc...

New: Microsoft is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in SharePoint before they were patched, enabling a global campaign of cyberattacks, according to people familiar: www.bloomberg.com/news/article...

Hooked! #5: A series of new reports and research shows that China’s tech sector is on the offense A series of new reports and research shows that China’s tech sector is on the offense

In the latest Hooked!, editor @katharinegk.bsky.social ties together some fascinating recent research from @benread.bsky.social , @euben.bsky.social, @winnona.bsky.social, and others on private sector elements of Chinese offensive cyber: bindinghook.com/articles-hoo...

Before Vegas: The “Red Hackers” Who Shaped China’s Cyber Ecosystem This CSS Cyberdefense report by Eugenio Benincasa examines how a core group of red hackers from the 1990s and 2000s laid the groundwork for China’s modern cyber capabilities and traces their trajector...

css.ethz.ch/en/center/CS...

Before Vegas – The “Red Hackers” Who Shaped China’s Cyber Ecosystem (Center for Security Studies at ETH Zürich): css.ethz.ch/content/dam/...

6/ Sincerely grateful to the all-star team of experts who shared their insights and feedback: Scott Henderson (Google Mandiant), Adam Kozy (SinaCyber), @meidanowski.bsky.social (@nattothoughts.bsky.social), @thegrugq.bsky.social, @Chris St.Myers (SentinelOne), & Charles Li and Zha0 (TeamT5)

5/ The key lesson: what begins in anonymous forums can end in boardrooms and on digital battlefields. Overlooking civilian hacking talent is a strategic risk.

How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus.

@kimzetter.bsky.social's excellent piece for Wired unpacks the state-linked side of the story, covering the report and Adam Kozy’s research: www.wired.com/story/china-...

3/ Some Red 40 hackers have carried out operations on behalf of China’s military and intelligence services. Their informal networks, formed during their teens or twenties as members of the same hacking groups, exemplify tool sharing and collab that underpins China’s APTs MO.

2/ It identifies 40 prominent red hackers — “The Red 40” — who shaped China’s cyber ecosystem from the ground up. It tells the story of how these individuals transitioned from online forums to becoming part of a tightly integrated ecosystem.

Full report:
css.ethz.ch/en/center/CS...

1/ China’s cyber capabilities didn’t start top-down, they started with raw hacking talent. The new CSS/ETH report "Before Vegas" traces how informal talent shaped China’s cyber ecosystem, moving from online forums to industry leaders (link in thread).

haha haven't spent too much time around here

Thank you 🙏 really appreciate it!

Thank you! I’d definitely add Alex Josie’s “Spies and Lies” to the book list

Thank you! Looking forward to hearing your thoughts on it

Fully agree, Patrick. I also love his work. He was very kind to review the report and provide feedback before publication 😊

How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyber Spies A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus.

How did China's top APT hackers come to be? Many were early "Honkers" - patriotic hackers who in late 90s launched low-skill cyberattacks against nations deemed disrespectful to China. But once Honkers developed their skills, PLA/MSS came calling. Based on great research by bsky.app/profile/eube...

Pick Your Innovation Path in AI: Chinese Edition China’s advances in AI show the effects of a state approach of “introduce, digest, absorb, re-innovate” and years of debate on the balance between market-driven innovation and state-led development

How has China advanced its AI development to its current state? No single innovation path in AI can be considered definitive.

nattothoughts.substack.com/p/debating-c...

America is coming after Chinese it accuses of hacking Xu Zewei was arrested in Milan on July 3rd

I wrote on the arrest in Italy of Xu Zewei, an alleged Chinese hacker, perhaps the first case where America has sought to extradite a Chinese hacker for mainly or exclusively cyber operations—in this case theft of Covid research during the pandemic. www.economist.com/china/2025/0...

Mobilizing Cyber Power: The Growing Role of Cyber Militias in China’s Network Warfare Force Structure This report examines how China’s cybersecurity industry fields reserve and militia units in support of the PLA and national mobilization system.

“alignment with CCP priorities offers privileged access to state resources, regulatory favor, and expanded commercial opportunities [to hackers]."

NEW Phenomenal report on Chinese civil military fusion and cyber militias by Kieran Green: margin.re/mobilizing-c...

Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.

🚨 NEW PAPER on the 0day Supply Chain 🚨:
I gathered open source data & interviewed Gov employees, VR and china researchers to figure out what the zero day marketplace looks like in the U.S. and how it compares to China.

key findings below ⬇️- 0/🧵 
www.atlanticcouncil.org/in-depth-res...

I think European countries are struggling even to allow government teams to do this kind of work, so extending it to broader private sector involvement seems unlikely to me as things stand

I agree they should rethink current approaches, starting from talent development.

Defense-Through-Offense Mindset: From a Taiwanese Hacker to the Engine of China’s Cybersecurity Industry The belief that offense enables defense in cyberspace, first rooted in China’s 1990s hacker culture, has since permeated the country’s cyber ecosystem

To defend, one must first know how to attack” (未知攻，焉知防). This mindset, popularized by a Taiwanese hacker Lin in the 1990s, spread from China's red hackers to CTF teams. Today, it powers China's cyber industry.

New piece for @nattothoughts.bsky.social

nattothoughts.substack.com/p/defense-th...

From Humble Beginnings: How a Vocational College Became a Vulnerability Powerhouse Qingyuan Polytechnic's focus on vulnerability studies highlights China's continued efforts in gathering vulnerability resources

The Natto Team explores the development of China's vulnerability research and discovery skills, starting from the vocational college level.

Thanks to @euben.bsky.social @dakotaindc.bsky.social Kristin Del Rosso for their previous research on the topic

nattothoughts.substack.com/p/when-a-voc...

From the World of “Hacker X Files” to the Whitewashed Business Sphere Jiang Jintao’s journey from hacker to infosec entrepreneur illustrates the blend of ambition, skill, and changes in China's cybersecurity industry

The Natto Team continues finding stories of Chinese hackers fascinating as they reveal the motivations behind cyber operations and the evolution of China's information security industry.

nattothoughts.substack.com/p/stories-of...

Sowing the seeds of enhanced cybersecurity cooperation within the G7 Officials from the Italian National Cybersecurity Agency discuss the challenges and successes of creating the new G7 Cybersecurity Working Group

In their latest for #BindingHook, Massimo Marotti, Matteo E. Bonfanti, and Giovanni Faleg of the Italian National Cybersecurity Agency reflect on the process of forming the new #G7CybersecurityWorkingGroup: bindinghook.com/articles-hoo...

Russie – Attribution de cyberattaques contre la France au service de renseignement militaire russe (APT28) (29.04.25) La France condamne avec la plus grande fermeté le recours par le service de renseignement militaire russe (GRU) au mode opératoire d'attaque APT28, (…)

Fascinating to see reference to GRU unit 20728 from FR relative to Russia's offensive cyber program -- as far as I'm aware, a first from a Western service?

www.diplomatie.gouv.fr/fr/dossiers-...