In our previous articles we identified a network of front companies for APT activity in Hainan, and showed that Gu Jian, an academic at Hainan University, is listed as a contact person for one of these companies – Hainan Xiandun. Additionally, Gu Jian appeared to manage a network security competition at the university and was reportedly seeking novel ways of cracking passwords, offering large amounts of money to those able to do so. The registered address for Hainan Xiandun is the Hainan University Library.
Our analysts and contributors were reassured to know that this blog is not alone in being suspicious of these Hainan front companies. Questions abound online about why these companies have such a thin presence on the Internet or, as below, whether the jobs they are promoting even exist.
This Chinese post is titled “Hainan Yili Technology Company: How can you find this company on the Internet, can I trust this job advert?” and asks other users of the site for their views.
Fortunately, this blog has been able to identify a number of individuals who have worked at one of these front companies. None of these leads are ground-breaking (check back tomorrow for that), but perhaps these individuals will provide other investigators with interesting leads to follow in the future.
Mr Wu
Wu Bingnan (吴炳南) worked as a translator for Hainan Xiandun from 2015-2016. An English speaker who also specialised in project management. Where did he study? Hainan University…
Ms Guo
Guo Kua (郭跨), also known as ‘Sugar’, is a former Vietnamese translator at Hainan Kehua. As we have seen so often for these companies, Sugar doesn’t provide much detail about her role or responsibilities.
Mr Cai
Cai Shiping (蔡世平) is a Project Manager at Hainan Tengyuan.
Mr Hou
Hou Guorong (候国荣) is an Information Security Engineer at Hainan Kehua.
Mr Lü
Lü Bizhen (吕碧桢) is an engineer at Hainan Kehua.
In summary: the Hainan front companies that this blog identified have been viewed with suspicion online by Chinese netizens and have a limited digital footprint. Despite the companies repeatedly describing themselves as having 50-100 employees, there is little information online about who they are. We have identified Wu Bingnan, Guo Kua, Hou Guorong, and Lü Bizhen as current or former workers at these companies.
Article Link: https://intrusiontruth.wordpress.com/2020/01/13/who-else-works-for-this-cover-company-network/