The Infosec Spectrum in China

In this page, I am just trying to keep track of multiple infosec-related groups in China, both official and non-official. This is a work in progress, and may contain errors. It is organized vaguely along a spectrum from offense to defense, with a huge gray area in the middle.

The Big Four

• APT1, described as the "Big Brother" of the Chinese hacking space, alleged to be a PLA unit, GSD 3rd Department, SIGINT/CNO, 2nd Bureau, Unit 61398 (总参三部二局61398部队). Engages in a lot of phishing and industrial espionage.
• Icefog (name given by Kaspersky Labs, 冰雾), dedicated to cyber guerrilla warfare, aimed primarily at Korean and Japanese heavy industry and telecom targets. Significant capability against Mac OSX. Kaspersky believes this is a small team of 6-12 people who provide their services for hire.
• Hidden Lynx (隐匿山猫). Attacks high-value large targets like Google. Specializes in banking and financial industries, also attacks government and education targets. Uses Trojan Horses to establish foothold.
• APT12, similar to APT1, attacks mainly government targets, makes extensive use of DropBox to deliver infected files to targets.

Red Alliances

• Red Hacker Alliance (红黑联盟)
• Chinese Culture Net (华文网)
• China Hacker Alliance (中国黑客联盟)
• Chinese Alliance (华盟网)

Other Alliances

• Hackbase (黑基网)
• Student Hacker Alliance (学生黑客联盟)
• Yes Hacker Alliance (Yes黑客联盟)
• Black Bar Security Network (黑吧安全网)

Security Networks

• Green Corps (绿色兵团)
• China Computer Security Network (中国计算机安全网)
• 20CN Network Security Group (20CN网络安全小组)
• China Network Management Alliance (中国网管联盟)
• Gray Hat Security Center (灰帽子安全中心)

Firewall Providers

• Zhongxin Software (中新软件) manufacturer of Golden Shield (金盾)
• Aodun (傲盾)
• Icewall (冰盾)
• Weidun (威盾)

Government Agencies and Centers

• National Internet Emergency Response Center (国家网络应急处理中心, CNCERT/CC)
• China Infosec Security Organization (中国计算机安全)
• National Secrecy Science and Technology Evaluation Center (国家保密局产品检测)
• Ministry of Public Security, Information Security Product Evaluation Center (公安部信息系统安全产品检测)
• China INFOSEC Approval Center (中国信息安全认证中心)
• China INFOSEC Evaluation Center (中国信息安全测评中心)
• PLA General Staff, 3rd Department (总参三部), covers SIGINT/CNO (signals intelligence/computer network operation). Comprises 12 bureaus and three research institutes.