Intrusion Truth initiated a countdown on its Twitter account Friday, promising its roughly 6,000 followers “something new” in five days.
For those unfamiliar with the murky world of nation-state espionage, Intrusion Truth is unlikely to ring any bells. But the group has managed to make a name for itself online.
So who exactly are Intrusion Truth and what should we expect to see next week? Here’s what you need to know.
Who is Intrusion Truth?
Intrusion Truth is a mysterious group of self-described analysts who first emerged in 2017. The group, made up of an unknown number of anonymous members, quickly made a name for itself by taking the unusual step of exposing the identities of suspected Chinese government-backed hackers.
Since then, Intrusion Truth has published around two dozen reports on its blog detailing what it claims to be the inner workings of the Chinese intelligence community.
Experts in the cybersecurity field believe, based on their own analysis, that the data provided by Intrusion Truth is legitimate.
What is their purpose?
In statements to VICE in 2018, Intrusion Truth stated that one of its primary aims was to push back against China’s aggressive economic and industrial espionage against Western countries.
“Intellectual property theft is a global confrontation fought between the West and its online adversaries, mainly China,” the group said. “This theft damages hard working individuals, their companies and entire economies through lost revenue and competition that is completely unfair.”
China has repeatedly been accused of not only stealing trade secrets from American companies but of stealing information from the U.S. military, including data on the Patriot missile system and the F-35 Joint Strike Fighter.
Intrusion Truth claims that China regularly relies on “commercial hackers” to do its dirty work, only to later throw them under the bus once they’ve been caught.
“Until recently, China has been winning—it has acted with impunity, stealing data using commercial hackers that it pays and tasks but later claims are criminals,” the group added. “The use of commercial hackers is a deliberate attempt to circumvent the statements that China has made committing to stop this illegal activity.”
Who has been exposed?
From the beginning, Intrusion Truth has focused on several prominent APT groups, an industry term for government-backed hackers referred to as “Advanced Persistent Threats.”
The first group Intrusion Truth set its sights on was APT3, a suspected Chinese hacking group also commonly referred to as Gothic Panda, Buckeye, UPS Team and TG-0110, that was first revealed in 2010.
Intrusion Truth claimed that the software company known as “Boyusec,” which is accused of secretly operating under the control of China’s Ministry of State Security (MSS) intelligence service, was behind APT3.
Setting itself apart from traditional cybersecurity firms, Intrusion Truth followed up by naming two individuals it claimed belonged to APT3: Wu Yingzhuo and Dong Hao. The website for Boyusec disappeared shortly after Intrusion Truth’s report.
Since then, it has targeted and outed alleged members of other Chinese hacking groups such as APT10, which has targeted manufacturing, aerospace, and engineering companies, as well as APT17, accused of targeting both public and private entities.
Many of the allegations regarding APT10 were later backed up by the prominent cybersecurity firm Recorded Future. Not long after, in 2018, the U.S. Department of Justice (DOJ) filed charges in relation to APT10’s activity.
What can we expect next from Intrusion Truth?
Intrusion Truth’s last blog post came in January 2020 and focused on the state-sponsored group known as APT40, which is believed to be stealing information as part of China’s effort to modernize its Navy.
Although it has remained active on Twitter, its blog has been dormant. But with its recent announcement and five-day countdown, it appears likely that the group will once again be shedding light on Beijing’s covert activities.