One posting from Hainan Xiandun stood out. The ad, on a Sichuan University computer science hiring board from 2018, boasted that Xiandun had “received a considerable number of government-secret-related business.”
The company, based in Hainan’s capital, Haikou, paid monthly salaries of $1,200 to $3,000 — solid middle-class wages for Chinese tech workers fresh out of college — with bonuses as high as $15,000. Xiandun’s ads listed an email address used by other firms looking for cybersecurity experts and linguists, suggesting they were part of a network.
Chinese hacking groups are increasingly “sharing malware, exploits and coordinating their efforts,” the operators of “Intrusion Truth” wrote in an email. The operators have not disclosed their identities, citing the sensitivity of their work.
Xiandun’s registered address was the library of Hainan University. Its phone number matched that of a computer science professor and People’s Liberation Army veteran who ran a website offering payments for students with novel ideas about cracking passwords. The professor has not been charged.
Other records and phone numbers led the blog authors to an email address and a frequent-flier account owned by Ding Xiaoyang, one of the managers of the company.
The indictment asserted that Mr. Ding was a state security officer who ran the hackers working at Hainan Xiandun. It included details the blog did not find, like an award Mr. Ding received from the Ministry of State Security for young leaders in the organization.
Mr. Ding and others named in the indictment couldn’t be reached.
Though trackable for now, China’s state security apparatus may be learning how to better hide its footprints, said Matthew Brazil, a former China specialist for the Department of Commerce’s Office of Export Enforcement who has co-written a study of Chinese espionage.
“The abilities of the Chinese services are uneven,” he said. “Their game is getting better, and in five or 10 years it’s going to be a different story.”
Nicole Perlroth contributed reporting.