1/ NEW INVESTIGATION: Remember hearing that a People’s Liberation Army (PLA)-linked cyber group hacked 200 Japanese businesses in 2016? While looking into that allegation, we at Recorded Future found something else you should know: a PLA unit is buying popular antivirus in bulk
2/ So the allegation is PLA Unit 61419 is linked to the advanced persistent threat (APT) actor Tick Group. We need more information to make a firm conclusion there, but circumstantially it makes sense. Both groups have a cyber operations focus on Japan yomiuri.co.jp/national/20210…
3/ While investigating Unit 61419’s recent activities for additional clues, we found multiple military procurement documents showing their inquiries about buying 14 (!) English-language antivirus products throughout 2019
4/ So what? It’s highly unlikely that this PLA unit uses antivirus in English, or that it’s even allowed to use the foreign products it sought to purchase. It is much more likely that Unit 61419 is developing new cyber attack methods to get around these products
5/ There have been at least 4 incidents of China-based APTs exploiting antivirus products since 2017, which also fits within a broader pattern of supply chain cyber attacks in recent years. Moreover, China would not be the first country to buy antivirus for malware development
6/ Returning to Tick Group, in the summer of 2019 they compromised a Trend Micro product just a few months before Unit 61419 issued a purchase order for Trend Micro software. While circumstantial, this is perhaps another piece of the puzzle in the alleged 61419-Tick Group link.
7/ Originally ID’d by @Stokes2049 in 2011, Unit 61419 was a 3PLA signals intel/cyber operations bureau. Our procurement documents confirm it was reorganized into the PLA's Strategic Support Force and that its HQ is in a Qingdao compound whose public face is the Bihaiyuan Hotel
8/ Check out Recorded Future’s full alert at the link below. And make sure you keep your antivirus updated!

recordedfuture.com/china-pla-unit…
