Eugenio Benincasa
@euben.bsky.social
Cyber Defense Researcher @ethz.ch. Former Italian govt, Pacific Forum and NYPD. LUISS & Columbia University Alum.
Reposted by Eugenio Benincasa
@euben.bsky.social Eugenio’s research explains the elite cyber talent paradox in China - “all people are soldiers” vs “extremely lean.”

#Cybersecurity #TalentPipeline #CyberOperations

nattothoughts.substack.com/p/few-and-fa...
Few and Far Between: During China’s Red Hacker Era, Patriotic Hacktivism Was Widespread—Talent Was Not
Inside the small, elite circles that powered China’s massive hacker communities in the late 1990s and 2000s.
nattothoughts.substack.com
August 13, 2025 at 4:49 PM
Can’t wait for this :)
⚡Meet our Lightning Talk speakers at #BindingHookLive: @euben.bsky.social, @melissakgriffith.bsky.social, @benread.bsky.social, @disclosing.observer, Lena Riecke and Selena Larson! Request your invite: bindinghooklive.com
August 1, 2025 at 9:25 AM
Microsoft is probing whether a MAPP leak let Chinese hackers exploit a SharePoint vuln pre-patch.

In this new piece for Natto,
@dakotaindc.bsky.social, @meidanowski.bsky.social & I dig into:
🏛️ China's vuln reporting rules
📉 Which firms joined/left MAPP since 2018
⚠️ The risks today’s members pose
July 31, 2025 at 4:44 PM
Reposted by Eugenio Benincasa
New: Microsoft is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in SharePoint before they were patched, enabling a global campaign of cyberattacks, according to people familiar: www.bloomberg.com/news/article...
Microsoft Probing If Chinese Hackers Learned of Flaws Via Alert
Microsoft Corp. is investigating whether a leak from its early alert system for cybersecurity companies allowed Chinese hackers to exploit flaws in its SharePoint service before they were patched, acc...
www.bloomberg.com
July 25, 2025 at 6:34 PM
Reposted by Eugenio Benincasa
In the latest Hooked!, editor @katharinegk.bsky.social ties together some fascinating recent research from @benread.bsky.social , @euben.bsky.social, @winnona.bsky.social, and others on private sector elements of Chinese offensive cyber: bindinghook.com/articles-hoo...
Hooked! #5: A series of new reports and research shows that China’s tech sector is on the offense
bindinghook.com
July 25, 2025 at 8:31 AM
Reposted by Eugenio Benincasa
Before Vegas – The “Red Hackers” Who Shaped China’s Cyber Ecosystem (Center for Security Studies at ETH Zürich): css.ethz.ch/content/dam/...
css.ethz.ch
July 21, 2025 at 11:39 AM
1/ China’s cyber capabilities didn’t start top-down, they started with raw hacking talent. The new CSS/ETH report "Before Vegas" traces how informal talent shaped China’s cyber ecosystem, moving from online forums to industry leaders (link in thread).
July 21, 2025 at 8:12 AM
Reposted by Eugenio Benincasa
How did China's top APT hackers come to be? Many were early "Honkers" - patriotic hackers who in late 90s launched low-skill cyberattacks against nations deemed disrespectful to China. But once Honkers developed their skills, PLA/MSS came calling. Based on great research by bsky.app/profile/eube...
How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyber Spies
A new report traces the history of the early wave of Chinese hackers who became the backbone of the state's espionage apparatus.
www.wired.com
July 18, 2025 at 3:48 PM
Reposted by Eugenio Benincasa
How has China advanced its AI development to its current state? No single innovation path in AI can be considered definitive.

nattothoughts.substack.com/p/debating-c...
Pick Your Innovation Path in AI: Chinese Edition
China’s advances in AI show the effects of a state approach of “introduce, digest, absorb, re-innovate” and years of debate on the balance between market-driven innovation and state-led development
nattothoughts.substack.com
July 10, 2025 at 7:14 PM
Reposted by Eugenio Benincasa
I wrote on the arrest in Italy of Xu Zewei, an alleged Chinese hacker, perhaps the first case where America has sought to extradite a Chinese hacker for mainly or exclusively cyber operations—in this case theft of Covid research during the pandemic. www.economist.com/china/2025/0...
America is coming after Chinese it accuses of hacking
Xu Zewei was arrested in Milan on July 3rd
www.economist.com
July 11, 2025 at 6:27 AM
Reposted by Eugenio Benincasa
“alignment with CCP priorities offers privileged access to state resources, regulatory favor, and expanded commercial opportunities [to hackers]."

NEW Phenomenal report on Chinese civil military fusion and cyber militias by Kieran Green: margin.re/mobilizing-c...
Mobilizing Cyber Power: The Growing Role of Cyber Militias in China’s Network Warfare Force Structure
This report examines how China’s cybersecurity industry fields reserve and militia units in support of the PLA and national mobilization system.
margin.re
July 9, 2025 at 12:19 PM
Reposted by Eugenio Benincasa
🚨 NEW PAPER on the 0day Supply Chain 🚨:
I gathered open source data & interviewed Gov employees, VR and china researchers to figure out what the zero day marketplace looks like in the U.S. and how it compares to China.

key findings below ⬇️- 0/🧵 
www.atlanticcouncil.org/in-depth-res...
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
If the United States wishes to compete in cyberspace, it must compete against China to secure its offensive cyber supply chain.
www.atlanticcouncil.org
June 25, 2025 at 1:11 PM
“To defend, one must first know how to attack” (未知攻,焉知防). This mindset, popularized by a Taiwanese hacker Lin in the 1990s, spread from China's red hackers to CTF teams. Today, it powers China's cyber industry.

New piece for @nattothoughts.bsky.social

nattothoughts.substack.com/p/defense-th...
Defense-Through-Offense Mindset: From a Taiwanese Hacker to the Engine of China’s Cybersecurity Industry
The belief that offense enables defense in cyberspace, first rooted in China’s 1990s hacker culture, has since permeated the country’s cyber ecosystem
nattothoughts.substack.com
June 11, 2025 at 4:17 PM
Reposted by Eugenio Benincasa
The Natto Team explores the development of China's vulnerability research and discovery skills, starting from the vocational college level.

Thanks to @euben.bsky.social @dakotaindc.bsky.social Kristin Del Rosso for their previous research on the topic

nattothoughts.substack.com/p/when-a-voc...
From Humble Beginnings: How a Vocational College Became a Vulnerability Powerhouse
Qingyuan Polytechnic's focus on vulnerability studies highlights China's continued efforts in gathering vulnerability resources
nattothoughts.substack.com
May 28, 2025 at 4:46 PM
Reposted by Eugenio Benincasa
The Natto Team continues finding stories of Chinese hackers fascinating as they reveal the motivations behind cyber operations and the evolution of China's information security industry.

nattothoughts.substack.com/p/stories-of...
From the World of “Hacker X Files” to the Whitewashed Business Sphere
Jiang Jintao’s journey from hacker to infosec entrepreneur illustrates the blend of ambition, skill, and changes in China's cybersecurity industry
nattothoughts.substack.com
May 14, 2025 at 4:22 PM
Reposted by Eugenio Benincasa
In their latest for #BindingHook, Massimo Marotti, Matteo E. Bonfanti, and Giovanni Faleg of the Italian National Cybersecurity Agency reflect on the process of forming the new #G7CybersecurityWorkingGroup: bindinghook.com/articles-hoo...
Sowing the seeds of enhanced cybersecurity cooperation within the G7
Officials from the Italian National Cybersecurity Agency discuss the challenges and successes of creating the new G7 Cybersecurity Working Group
bindinghook.com
May 12, 2025 at 6:51 AM
Reposted by Eugenio Benincasa
Fascinating to see reference to GRU unit 20728 from FR relative to Russia's offensive cyber program -- as far as I'm aware, a first from a Western service?

www.diplomatie.gouv.fr/fr/dossiers-...
Russie – Attribution de cyberattaques contre la France au service de renseignement militaire russe (APT28) (29.04.25)
La France condamne avec la plus grande fermeté le recours par le service de renseignement militaire russe (GRU) au mode opératoire d'attaque APT28, (…)
www.diplomatie.gouv.fr
April 29, 2025 at 5:16 PM
Reposted by Eugenio Benincasa
Fellow @euben.bsky.social argues that EU member states should reduce strategic #technologicaldependencies on non-EU countries, particularly those deemed high-risk, and enhance proactive #cybersecurity capabilities. bindinghook.com/articles-bin...
Cyber threats are increasingly complex. What can governments do to defend against them?
Virtual Routes fellows look for ways to shrink the gap between cyber threats and defensive capabilities, from regulatory sandboxes to supranational understandings of critical infrastructure.
bindinghook.com
April 28, 2025 at 8:09 AM
In this piece with @nattothoughts.bsky.social's @meidanowski.bsky.social, we dug into China’s two naming-and-shaming campaigns over the past 30 days—targeting alleged Taiwanese and U.S. hackers amid escalating geopolitical tensions.

nattothoughts.substack.com/p/wars-witho...
Wars without Gun Smoke: China Plays the Cyber Name-and-Shame Game on Taiwan and the U.S.
China’s security services have called out hackers of an alleged “Internet Army of Taiwan Independence” and of the U.S. National Security Agency, signaling an increasingly confrontational approach
nattothoughts.substack.com
April 16, 2025 at 4:18 PM
Reposted by Eugenio Benincasa
My question is did state media add mention of US universities in response to the paper @euben.bsky.social and I wrote last year which included circumstantial evidence of hacks by NWPU?

www.sentinelone.com/labs/labscon...
April 15, 2025 at 2:37 PM
It was a matter of time. Less than a month after outing alleged Taiwanese cyber operatives in an unprecedented move for both its tone and detail, China has done the same with alleged NSA operatives—for the first time. The language echoes that of Western reports, though less detailed.
April 15, 2025 at 5:04 AM
Reposted by Eugenio Benincasa
What's happening to @thekrebscycle.bsky.social is disgusting

He's one of the most hardworking, dedicated and smart people I'm lucky enough to know, and he showed a LOT of courage when he fought back against attempts to undermine the 2020 election result

I hope Americans will stand behind him
April 10, 2025 at 3:26 AM
Reposted by Eugenio Benincasa
We loved having you @weberv.bsky.social, Zoë van Doren, @euben.bsky.social & co! 🙏
It was a real pleasure to speak about #China as a risen cyber power at the @virtualroutes.bsky.social colloquium w Zoë van Doren yesterday. Thanks to thought-provoking comments from @euben.bsky.social and great chairing by Lena Riecke & @partomirzaei.bsky.social.
April 4, 2025 at 6:27 AM
Reposted by Eugenio Benincasa
It was a real pleasure to speak about #China as a risen cyber power at the @virtualroutes.bsky.social colloquium w Zoë van Doren yesterday. Thanks to thought-provoking comments from @euben.bsky.social and great chairing by Lena Riecke & @partomirzaei.bsky.social.
April 3, 2025 at 1:34 PM
Reposted by Eugenio Benincasa
A case study of the i-SOON indictment and leaks reveals that source information may vary but it is important to compare and evaluate information for unique insights.

nattothoughts.substack.com/p/indictment...
Indictments and Leaks: Different but Complementary Sources
nattothoughts.substack.com
April 2, 2025 at 5:13 PM