Natto Thoughts
nattothoughts.bsky.social
Cyber threat intelligence research and analysis from geopolitical, economic, social, cultural and linguistic perspectives.
https://www.nattothoughts.com/
The Tianfu Cup is back this year. See the analysis of the event by Eugenio @euben.bsky.social published today on Natto Thoughts.

www.nattothoughts.com/p/the-tianfu...
The Tianfu Cup Returns Under MPS Leadership as AI Takes Center Stage
After a two-year hiatus, the Tianfu Cup returns under MPS lead, combining AI-assisted vulnerability discovery and exploitation, a new competition track, and less transparency in vulnerability handling
www.nattothoughts.com
February 12, 2026 at 1:12 AM
We continue exploring provincial-level involvement in cyber operations. See details in the analysis by @euben.bsky.social

www.nattothoughts.com/p/provincial...
Provincial Tasking, Cross-Provincial Execution: A Case-Based Look at How China Scales Cyber Operations
How decentralized MSS and MPS tasking and market-enabled, cross-provincial execution by commercial firms shape the scale of China’s cyber operations
www.nattothoughts.com
January 28, 2026 at 3:16 PM
Intense competition, rapid innovation, and strong state involvement define the overall trends in China’s cybersecurity industry for 2025. See our latest analysis

nattothoughts.substack.com/p/chinas-202...
China’s 2025 Top 20 Cybersecurity Companies: Which “Dark Horses” Will Emerge to Prominence in 2026?
Annual ranking reveals hyper-competitive, innovation-focused top performers – some familiar and some not so well known, with extensive government ties
nattothoughts.substack.com
January 14, 2026 at 3:40 PM
From attack–defense thinking to vulnerability research and exposed threat actors, we explored key aspects of China’s cyber ecosystem in 2025.

nattothoughts.substack.com/p/a-look-bac...
A Look Back at the Top 5 Natto Thoughts Reports in 2025
From attack–defense thinking to vulnerability research and exposed threat actors, we explored key aspects of China’s cyber ecosystem
nattothoughts.substack.com
January 6, 2026 at 4:32 PM
In this post, @euben.bsky.social and the Natto Team assess that provincial bureaus of the Chinese Ministry of State Security likely operate with their own tasking priorities, resources, and local ecosystems for cyber operations.

nattothoughts.substack.com/p/the-many-a...
The Many Arms of the MSS: Why Provincial Bureaus Matter in China’s Cyber Operations
Provincial bureaus of the Chinese Ministry of State Security likely operate with their own tasking priorities, resources, and local ecosystems for cyber operations
nattothoughts.substack.com
December 16, 2025 at 10:02 PM
The Natto Team examines the leaked incident from Knownsec’s perspective to explore the role that elite Chinese cybersecurity companies play in building the country’s cyber capabilities.

nattothoughts.substack.com/p/knownsec-t...
Knownsec: The King of Vulnerability Missed Three Vulnerabilities of Its Own
The leak incident involving Chinese cybersecurity firm Knownsec shows the company’s seemingly transparent crisis management strategy and underscores its position in the industry, but mysteries remain.
nattothoughts.substack.com
December 3, 2025 at 5:10 PM
In this Natto Thoughts piece, with Eugenio Benincasa (@euben.bsky.social), we look into China's attack-defense labs and their role in operationalizing cyber capability for commercial purposes and state-linked cyber operations.

nattothoughts.substack.com/p/chinas-cyb...
China’s Cybersecurity Companies Advancing Offensive Cyber Capabilities Through Attack-Defense Labs
Private-sector attack-defense labs form a core pillar of how China builds, sustains, and operationalizes cyber capability for commercial purposes and state-linked cyber operations.
nattothoughts.substack.com
November 19, 2025 at 5:44 PM
Researcher @sick.codes found a vulnerability in TCL TVs and reached out to TCL. What happened next?
New analysis from Natto Thoughts - how a single disclosure reshaped China’s approach to cybersecurity and control.

nattothoughts.substack.com/p/what-a-nar...
November 5, 2025 at 6:03 PM
The Natto Team explores how APT27, HAFNIUM, and Silk Typhoon highlight the complexities of tracking threat actors and their real-world identities and why understanding the humans behind the keyboard matters.

nattothoughts.substack.com/p/beyond-the...
Beyond the Aliases: Decoding Chinese Threat Group Attribution and the Human Factor
Examining the overlap between APT27, HAFNIUM, and Silk Typhoon through recent U.S. government disclosures, and why understanding the humans behind the keyboard is important for cyber defenders
nattothoughts.substack.com
October 22, 2025 at 4:34 PM
Our latest analysis digs into newly identified Salt Typhoon-linked companies, revealing the murky ecosystem of front firms and legitimate businesses that prop up Chinese state cyber operations.

A beacon of clarity? Or just more questions in the storm?

nattothoughts.substack.com/p/salt-typho...
Salt Typhoon: New Joint Advisory Offers a Beacon Through the Storm but Stirs Up New Questions
Analysis of newly identified Salt Typhoon-linked companies casts light on the complex ecosystem of front companies and real businesses supporting Chinese state cyber operations
nattothoughts.substack.com
September 10, 2025 at 4:33 PM
@euben.bsky.social Eugenio’s research explains the elite cyber talent paradox in China - “all people are soldiers” vs “extremely lean.”

#Cybersecurity #TalentPipeline #CyberOperations

nattothoughts.substack.com/p/few-and-fa...
Few and Far Between: During China’s Red Hacker Era, Patriotic Hacktivism Was Widespread—Talent Was Not
Inside the small, elite circles that powered China’s massive hacker communities in the late 1990s and 2000s.
nattothoughts.substack.com
August 13, 2025 at 4:49 PM
Reposted by Natto Thoughts
Microsoft is probing whether a MAPP leak let Chinese hackers exploit a SharePoint vuln pre-patch.

In this new piece for Natto,
@dakotaindc.bsky.social, @meidanowski.bsky.social & I dig into:
🏛️ China's vuln reporting rules
📉 Which firms joined/left MAPP since 2018
⚠️ The risks today’s members pose
July 31, 2025 at 4:44 PM
Natto Thoughts examines HAFNIUM-linked hacker Xu Zewei and reveals ties between China’s state security agencies, cybersecurity firm and strategic industries.
nattothoughts.substack.com/p/hafnium-li...
HAFNIUM-Linked Hacker Xu Zewei: Riding the Tides of China’s Cyber Ecosystem
How one man’s career reveals the interconnected web of China’s state security apparatus, cybersecurity firms, and strategic industries
nattothoughts.substack.com
July 23, 2025 at 4:20 PM
Reposted by Natto Thoughts
1/ China’s cyber capabilities didn’t start top-down, they started with raw hacking talent. The new CSS/ETH report "Before Vegas" traces how informal talent shaped China’s cyber ecosystem, moving from online forums to industry leaders (link in thread).
July 21, 2025 at 8:12 AM
How has China advanced its AI development to its current state? No single innovation path in AI can be considered definitive.

nattothoughts.substack.com/p/debating-c...
Pick Your Innovation Path in AI: Chinese Edition
China’s advances in AI show the effects of a state approach of “introduce, digest, absorb, re-innovate” and years of debate on the balance between market-driven innovation and state-led development
nattothoughts.substack.com
July 10, 2025 at 7:14 PM
What does the white hat elite growth system of China’s top vulnerability mining platform look like? What are the capabilities needed to be an expert white hat hacker?

nattothoughts.substack.com/p/butian-vul...
Butian Vulnerability Platform: Forging China's Next Generation of White Hat Hackers
From 'Trouser Belt Project' to 'Patching the Sky': Qi An Xin’s Butian platform serves as cradle for nurturing new talent and smelter for refining seasoned hackers’ skills
nattothoughts.substack.com
June 25, 2025 at 6:24 PM
We often questioned how they achieved their current status regarding China developing its cyber offensive capabilities. The Natto Team appreciates @euben.bsky.social for investigating the origin of the defense-through-offense approach.
June 11, 2025 at 4:53 PM
The Natto Team explores the development of China's vulnerability research and discovery skills, starting from the vocational college level.

Thanks to @euben.bsky.social @dakotaindc.bsky.social Kristin Del Rosso for their previous research on the topic

nattothoughts.substack.com/p/when-a-voc...
From Humble Beginnings: How a Vocational College Became a Vulnerability Powerhouse
Qingyuan Polytechnic's focus on vulnerability studies highlights China's continued efforts in gathering vulnerability resources
nattothoughts.substack.com
May 28, 2025 at 4:46 PM
The Natto Team continues finding stories of Chinese hackers fascinating as they reveal the motivations behind cyber operations and the evolution of China's information security industry.

nattothoughts.substack.com/p/stories-of...
From the World of “Hacker X Files” to the Whitewashed Business Sphere
Jiang Jintao’s journey from hacker to infosec entrepreneur illustrates the blend of ambition, skill, and changes in China's cybersecurity industry
nattothoughts.substack.com
May 14, 2025 at 4:22 PM
This Natto Thoughts analysis was originally published last October. With new notes and updates added, we think it is still relevant today for understanding Russian ransomware actors and Russian political culture.

nattothoughts.substack.com/p/ransom-war...
Ransom-War and Russian Political Culture: Trust, Corruption, and Putin's Zero-Sum Sovereignty
Recent Western government revelations about EvilCorp flesh out how Russian ransomware actors and the Russian government use each other to navigate a world they perceive as dangerous.
nattothoughts.substack.com
May 2, 2025 at 4:54 AM
Reposted by Natto Thoughts
In this piece with @nattothoughts.bsky.social's @meidanowski.bsky.social, we dug into China’s two naming-and-shaming campaigns over the past 30 days—targeting alleged Taiwanese and U.S. hackers amid escalating geopolitical tensions.

nattothoughts.substack.com/p/wars-witho...
Wars without Gun Smoke: China Plays the Cyber Name-and-Shame Game on Taiwan and the U.S.
China’s security services have called out hackers of an alleged “Internet Army of Taiwan Independence” and of the U.S. National Security Agency, signaling an increasingly confrontational approach
nattothoughts.substack.com
April 16, 2025 at 4:18 PM
A case study of the i-SOON indictment and leaks reveals that source information may vary but it is important to compare and evaluate information for unique insights.

nattothoughts.substack.com/p/indictment...
Indictments and Leaks: Different but Complementary Sources
A case study of the i-SOON indictment and leaks reveals that source information may vary but it is important to compare and evaluate information for unique insights.
nattothoughts.substack.com
April 2, 2025 at 5:13 PM
Recent research from Natto Thoughts about a US-sanctioned, allegedly APT27-associated actor. #apt27

nattothoughts.substack.com/p/zhou-shuai...
Zhou Shuai: A Hacker’s Road to APT27
US-sanctioned, allegedly APT27-associated actor Zhou Shuai represents a group of Chinese elite hackers who have become an important resource for Chinese state cyber operations.
nattothoughts.substack.com
March 19, 2025 at 4:17 PM
As the Natto Team was going to publish this piece, the US Department of Justice unsealed an indictment charging eight i-SOON employees and highlighting the importance of companies like i-SOON in China's cyberthreat landscape.

nattothoughts.substack.com/p/where-is-i...
Where is i-SOON Now?
i-SOON’s business struggles after the leak reflect the cruel reality of China’s hacker-for-hire industry
nattothoughts.substack.com
March 5, 2025 at 5:32 PM
We appreciate that more and more threat intelligence researchers value the importance of the cultural component in APT research. @techy.detectionengineering.net
February 28, 2025 at 3:05 AM