Intrusion Truth, the mysterious analyst or group that tracks and exposes China-backed cyber threat groups and actors, has published more than two dozen reports since April 2017. The group has made a name for itself through the motivations and results of its threat investigations. Several actors identified by Intrusion Truth have later been indicted by the US Department of Justice. On the other hand, members of the cyberthreat intelligence community have widely questioned, besides its anonymity, the legality of its methods, gaps in its research, and the very value of its efforts.
This talk will examine the tools and methods used by Intrusion Truth to identify Chinese threat actors, particularly how the group leverages Chinese language sources. The talk will then analyze the applicability of Intrusion Truth's methodology for threat intelligence practices at large. Lastly, the talk will provide insight into the tradecraft of utilizing Chinese language internet and social media sources to research and analyze Chinese threat activity and how it can enhance the value of cyberthreat reporting in a commercial context.