this post was submitted on 30 Mar 2024
85 points (94.7% liked)

[–] [email protected] 2 points 7 months ago

Or someone who wanted people to point fingers at someone specific.

[–] [email protected] 4 points 7 months ago (2 children)

This is either a state actor operating under a fake name or it deserves to be one.

The perpetrator, "Jia Tan," let's assume has last name 陈. In Mandarin, this is pronounced as Chen, in Hong Kong as Chan, while in Minnan this is pronounced as Tan. Minnan is prevalent in Taiwan, Singapore, Malaysia, Indonesia, and other southeast Asian countries as well as in parts of Fujian, China (where it originated).

A common feature of early Chinese expat communities was that they were overwhelmingly from Guangdong (think Gold Rush era). However, more recently, there's been a massive wave of Taiwan and Hong Kong emigration... The relevant takeaway here is that Tan is much more common of a pronunciation in expat communities than it is in China.

Of course, they could also have the last name 谭, but that's a good bit rarer. 陈 is the most common Chinese surname overseas and the 5th most common in China, while 谭 is something like 54th most common in China. Odds are high that, if this was a persona constructed by a state actor, it did not come from China but from an overseas actor for which Tan is a more common romanization.

[–] [email protected] 2 points 7 months ago* (last edited 7 months ago)

What makes you think that's actually their name?

[–] [email protected] 2 points 7 months ago (1 children)

This makes sense, but the implementation itself was also kind of sloppy. I think it was bound to be found sooner or later, which seems oddly unlikely for an APT that would spend more time and effort hiding it.

I wouldn't expect China, NSA, or any big name APT to be behind this.

I wonder if it was really a state actor or actually just a random blackhat group trying to gg ez a backdoor.

[–] [email protected] 7 points 7 months ago

Way too big of a target for a black hat group imo. It was only sloppy because they got caught.

The length of this project points to external funding.