China's Security Ministry is running APT17 cyber-espionage group, claims Intrusion Truth

Intrusion Truth has revealed details of three individuals believed to be members of APT17

Cyber-espionage hacking group APT17 is controlled by the Jinan bureau of China's Security Ministry, an online group of anonymous cyber-security experts has claimed.

APT17 is a China-based hacking group that is believed to have conducted multiple attacks against government entities, the defence industry, IT and finance companies, and even law firms in countries across the world.

Researchers at cybersecurity firms have assigned various codenames to the group, such as Deputy Dog and Axiom, identified by the kind of hacking tools and techniques that they use.

Intrusion Truth has previously exposed the identities of a number of individuals that, it claimed, were members of two other Chinese hacking groups, APT3 and APT10. Those revelations in 2017 and 2018 eventually led to the indictment of some hackers by the US Justice Department.

In its latest series of exposés, the anonymous white-hat group Intrusion Truth has published details about the three individuals that are thought to be the members of the APT17 group.

According to Intrusion Truth, one of those members is Guo Lin, who is thought to be an officer of the Chinese Ministry of State Security (MSS). He also runs four Chinese companies, namely Jinan Quanxin Fangyuan Technology, Jinan Anchuang Information Technology, Jinan Fanglang Information Technology and RealSOI Computer Network Technology.

Two other members of the group are Wang Qingwei and Zeng Xiaoyong, Intrusion Truth claims. Wang Qingwei is a representative of the Jinan Fanglang company, while Zeng Xiaoyong is behind the online profile ' envymask '. All three of them live in the city of Jinan, the capital of Shandong province, and supposedly work as contractors for the Jinan bureau of the MSS.

Intrusion Truth further claims that these three individuals carry out hacking operations after receiving commands from their superiors.

Intrusion Truth's assessment that APT17 is run by China's Security Ministry won't come as a shock for most cyber security specialists, who have noticed an increasing number of attacks coming from China and North Korea on government and private entities in western countries.

Indeed, an online Google Docs spreadsheet that tracks various state-led APTs has a long and growing list of Chinese-sourced players.

And more and more information has been put in the public domain.

Last month, a report claimed that hackers working for the Chinese Ministry of State Security had targeted eight major tech service providers for years. The researchers believed that Chinese hacking group APT10 was likely behind this the hacking campaign, called Cloud Hopper.

Earlier in April, German pharmaceuticals giant Bayer claimed that its cyber security team fended off a nation-state cyber attack from a group linked with China. Bayer ' s team found that a Trojan linked to Chinese government-linked group was used to gain access to Bayer's network.

And last year, US officials claimed that Chinese state-sponsored hackers were behind the Marriott International data breach. Hacking tools used to purloin some 500 million records pointed to China's Ministry of State Security, according to US agencies.