Lightnews — Scholar-powered news

Natto Thoughts

@nattothoughts.bsky.social

110 followers 10 following 19 posts

Cyber threat intelligence research and analysis from geopolitical, economic, social, cultural and linguistic perspectives.

Posts Media Videos Starter Packs

Natto Thoughts @nattothoughts.bsky.social · 28d

Our latest analysis digs into newly identified Salt Typhoon-linked companies, revealing the murky ecosystem of front firms and legitimate businesses that prop up Chinese state cyber operations.

A beacon of clarity? Or just more questions in the storm?

nattothoughts.substack.com/p/salt-typho...

Salt Typhoon: New Joint Advisory Offers a Beacon Through the Storm but Stirs Up New Questions

Analysis of newly identified Salt Typhoon-linked companies casts light on the complex ecosystem of front companies and real businesses supporting Chinese state cyber operations

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · Aug 13

@euben.bsky.social Eugenio’s research explains the elite cyber talent paradox in China - “all people are soldiers” vs “extremely lean.”

#Cybersecurity #TalentPipeline #CyberOperations

nattothoughts.substack.com/p/few-and-fa...

Few and Far Between: During China’s Red Hacker Era, Patriotic Hacktivism Was Widespread—Talent Was Not

Inside the small, elite circles that powered China’s massive hacker communities in the late 1990s and 2000s.

nattothoughts.substack.com

Reposted by Natto Thoughts

Eugenio Benincasa @euben.bsky.social · Jul 31

Microsoft is probing whether a MAPP leak let Chinese hackers exploit a SharePoint vuln pre-patch.

In this new piece for Natto,
@dakotaindc.bsky.social, @meidanowski.bsky.social & I dig into:
🏛️ China's vuln reporting rules
📉 Which firms joined/left MAPP since 2018
⚠️ The risks today’s members pose

Natto Thoughts @nattothoughts.bsky.social · Jul 23

Natto Thoughts examines HAFNIUM-linked hacker Xu Zewei and reveals ties between China’s state security agencies, cybersecurity firm and strategic industries.
nattothoughts.substack.com/p/hafnium-li...

HAFNIUM-Linked Hacker Xu Zewei: Riding the Tides of China’s Cyber Ecosystem

How one man’s career reveals the interconnected web of China’s state security apparatus, cybersecurity firms, and strategic industries

nattothoughts.substack.com

Reposted by Natto Thoughts

Eugenio Benincasa @euben.bsky.social · Jul 21

1/ China’s cyber capabilities didn’t start top-down, they started with raw hacking talent. The new CSS/ETH report "Before Vegas" traces how informal talent shaped China’s cyber ecosystem, moving from online forums to industry leaders (link in thread).

Natto Thoughts @nattothoughts.bsky.social · Jul 10

How has China advanced its AI development to its current state? No single innovation path in AI can be considered definitive.

nattothoughts.substack.com/p/debating-c...

Pick Your Innovation Path in AI: Chinese Edition

China’s advances in AI show the effects of a state approach of “introduce, digest, absorb, re-innovate” and years of debate on the balance between market-driven innovation and state-led development

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · Jun 25

What does China’s top vulnerability mining platform’s white hat elite growth system like? What are the capabilities needed to be an expert white hat hacker?

nattothoughts.substack.com/p/butian-vul...

Butian Vulnerability Platform: Forging China's Next Generation of White Hat Hackers

From 'Trouser Belt Project' to 'Patching the Sky': Qi An Xin’s Butian platform serves as cradle for nurturing new talent and smelter for refining seasoned hackers’ skills

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · Jun 11

We often questioned how they achieved their current status regarding China developing its cyber offensive capabilities. The Natto Team appreciates @euben.bsky.social for investigating the origin of the defense-through-offense approach.

Eugenio Benincasa @euben.bsky.social · Jun 11

To defend, one must first know how to attack” (未知攻，焉知防). This mindset, popularized by a Taiwanese hacker Lin in the 1990s, spread from China's red hackers to CTF teams. Today, it powers China's cyber industry.

New piece for @nattothoughts.bsky.social

nattothoughts.substack.com/p/defense-th...

Defense-Through-Offense Mindset: From a Taiwanese Hacker to the Engine of China’s Cybersecurity Industry

The belief that offense enables defense in cyberspace, first rooted in China’s 1990s hacker culture, has since permeated the country’s cyber ecosystem

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · May 28

The Natto Team explores the development of China's vulnerability research and discovery skills, starting from the vocational college level.

Thanks to @euben.bsky.social @dakotaindc.bsky.social Kristin Del Rosso for their previous research on the topic

nattothoughts.substack.com/p/when-a-voc...

From Humble Beginnings: How a Vocational College Became a Vulnerability Powerhouse

Qingyuan Polytechnic's focus on vulnerability studies highlights China's continued efforts in gathering vulnerability resources

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · May 14

The Natto Team continues finding stories of Chinese hackers fascinating as they reveal the motivations behind cyber operations and the evolution of China's information security industry.

nattothoughts.substack.com/p/stories-of...

From the World of “Hacker X Files” to the Whitewashed Business Sphere

Jiang Jintao’s journey from hacker to infosec entrepreneur illustrates the blend of ambition, skill, and changes in China's cybersecurity industry

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · May 2

This Natto Thoughts analysis was originally published last October. With new notes and updates added, we thought it is still relevant today to understand Russian ransomware actors and Russian political culture.

nattothoughts.substack.com/p/ransom-war...

Ransom-War and Russian Political Culture: Trust, Corruption, and Putin's Zero-Sum Sovereignty

Recent Western government revelations about EvilCorp flesh out how Russian ransomware actors and the Russian government use each other to navigate a world they perceive as dangerous.

nattothoughts.substack.com

Reposted by Natto Thoughts

Eugenio Benincasa @euben.bsky.social · Apr 16

In this piece with @nattothoughts.bsky.social's @meidanowski.bsky.social, we dug into China’s two naming-and-shaming campaigns over the past 30 days—targeting alleged Taiwanese and U.S. hackers amid escalating geopolitical tensions.

nattothoughts.substack.com/p/wars-witho...

Wars without Gun Smoke: China Plays the Cyber Name-and-Shame Game on Taiwan and the U.S.

China’s security services have called out hackers of an alleged “Internet Army of Taiwan Independence” and of the U.S. National Security Agency, signaling an increasingly confrontational approach

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · Apr 2

A case study of the i-SOON indictment and leaks reveals that source information may vary but it is important to compare and evaluate information for unique insights.

nattothoughts.substack.com/p/indictment...

Indictments and Leaks: Different but Complementary Sources

A case study of the i-SOON indictment and leaks reveals that source information may vary but it is important to compare and evaluate information for unique insights.

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · Mar 19

A recent research from Natto Thoughts about US-sanctioned, allegedly APT27-associated actor. #apt27

nattothoughts.substack.com/p/zhou-shuai...

Zhou Shuai: A Hacker’s Road to APT27

US-sanctioned, allegedly APT27-associated actor Zhou Shuai represents a group of Chinese elite hackers who have become an important resource for Chinese state cyber operations.

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · Mar 5

As the Natto Team was going to publish this piece, US Department of Justice unsealed an indictment charging eight i-SOON employees and highlighting the importance of companies like i-SOON in China's cyberthreat landscape.

nattothoughts.substack.com/p/where-is-i...

Where is i-SOON Now?

i-SOON’s business struggles after the leak reflect the cruel reality of China’s hacker-for-hire industry

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · Feb 28

We appreciate that more and more threat intelligence researchers value the importance of cultural component in APT research. @techy.detectionengineering.net

Reposted by Natto Thoughts

Eugenio Benincasa @euben.bsky.social · Feb 19

If you’re familiar with iOS jailbreaking, then you’ve likely heard of the Pangu Team.

1y after the i-SOON leaks, my latest for @nattothoughts.bsky.social examines Pangu’s ties to i-SOON and the links b/w elite vuln researchers and govt-contracted hackers

nattothoughts.substack.com/p/the-pangu-...

The Pangu Team—iOS Jailbreak and Vulnerability Research Giant: A Member of i-SOON’s Exploit-Sharing Network

A year after the i-SOON leaks, a deep dive into the Pangu Team reveals new insight into the relationships between elite vulnerability researchers and government-contracted hackers

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · Feb 18

We are glad to see that some curious minds like us want to find out more about Chinese APTs associated companies in reality. They actually paid a visit to them.

substack.com/home/post/p-...

Chasing Chengdu404, Sichuan Silence....and NoSugar Technology !?

On the ground research on US sanctioned cyber security companies in China.

Natto Thoughts @nattothoughts.bsky.social · Feb 6

Even before DeepSeek's debut sparked pride among Chinese netizens, US sanctions on Sichuan Silence developer Guan Tianfeng triggered online vows to "march forward" in cyberpower competition.

nattothoughts.substack.com/p/sichuan-si...

Sichuan Silence Information Technology and Guan Tianfeng: Your Criminal Our Hero

Even before DeepSeek's debut sparked pride among Chinese netizens, US sanctions on Sichuan Silence developer Guan Tianfeng triggered online vows to "march forward" in cyberpower competition

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · Jan 22

The other shoe has finally dropped, but we still need more intrusion details to defend against the threats.
#salttyphoon #apt

nattothoughts.substack.com/p/salt-typho...

Salt Typhoon: the Other Shoe Has Dropped, but Consternation Continues

Sichuan Juxinhe, directly involved in the Salt Typhoon cyber operations, resembles a front company of the Chinese Ministry of State Security

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · Dec 17

Thank you for your support. The Natto Team appreciates it.

1000 subscribers. You did it. Natto Thoughts has its first thousand subscribers. Nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · Dec 11

Natto Thoughts is honored to have guest contributor Eugenio Benincasa discussing China’s pubic opinion analysis systems and how Bluesky should outsmart them. @euben.bsky.social nattothoughts.substack.com/p/bluesky-sh...

Bluesky Should Outsmart China's Public Opinion Monitoring Tools to Safeguard Public Discourse

The Chinese government has leveraged public opinion analysis systems to target U.S. social media platforms to tamper with public discourse in the past. Will Bluesky be included? most likely yes.

nattothoughts.substack.com

Natto Thoughts @nattothoughts.bsky.social · Dec 4

The Natto Team follows up on the findings of Sophos' Pacific Rim reports and provides a deep dive into Sichuan Silence Information Technology company - a Chengdu-based jack-of-all-trades infosec company.

nattothoughts.substack.com/p/sichuan-si...

Sichuan Silence Information Technology: Great Sounds are Often Inaudible

Formerly very public, Sichuan Silence has gone quiet since 2020; but as part of a circle of Chengdu-based jack-of-all-trades infosec companies, it serves the state in cyber-enabled operations

nattothoughts.substack.com