Eugenio Benincasa
@euben.bsky.social
Cyber Defense Researcher @ethz.ch. Former Italian govt, Pacific Forum and NYPD. LUISS & Columbia University Alum.
Microsoft is probing whether a MAPP leak let Chinese hackers exploit a SharePoint vuln pre-patch.
In this new piece for Natto,
@dakotaindc.bsky.social, @meidanowski.bsky.social & I dig into:
🏛️ China's vuln reporting rules
📉 Which firms joined/left MAPP since 2018
⚠️ The risks today’s members pose
In this new piece for Natto,
@dakotaindc.bsky.social, @meidanowski.bsky.social & I dig into:
🏛️ China's vuln reporting rules
📉 Which firms joined/left MAPP since 2018
⚠️ The risks today’s members pose
July 31, 2025 at 4:44 PM
Microsoft is probing whether a MAPP leak let Chinese hackers exploit a SharePoint vuln pre-patch.
In this new piece for Natto,
@dakotaindc.bsky.social, @meidanowski.bsky.social & I dig into:
🏛️ China's vuln reporting rules
📉 Which firms joined/left MAPP since 2018
⚠️ The risks today’s members pose
In this new piece for Natto,
@dakotaindc.bsky.social, @meidanowski.bsky.social & I dig into:
🏛️ China's vuln reporting rules
📉 Which firms joined/left MAPP since 2018
⚠️ The risks today’s members pose
3/ Some Red 40 hackers have carried out operations on behalf of China’s military and intelligence services. Their informal networks, formed during their teens or twenties as members of the same hacking groups, exemplify tool sharing and collab that underpins China’s APTs MO.
July 21, 2025 at 8:12 AM
3/ Some Red 40 hackers have carried out operations on behalf of China’s military and intelligence services. Their informal networks, formed during their teens or twenties as members of the same hacking groups, exemplify tool sharing and collab that underpins China’s APTs MO.
1/ China’s cyber capabilities didn’t start top-down, they started with raw hacking talent. The new CSS/ETH report "Before Vegas" traces how informal talent shaped China’s cyber ecosystem, moving from online forums to industry leaders (link in thread).
July 21, 2025 at 8:12 AM
1/ China’s cyber capabilities didn’t start top-down, they started with raw hacking talent. The new CSS/ETH report "Before Vegas" traces how informal talent shaped China’s cyber ecosystem, moving from online forums to industry leaders (link in thread).
Original notice. Source: cn.chinadaily.com.cn/a/202504/15/...
April 15, 2025 at 9:03 AM
Original notice. Source: cn.chinadaily.com.cn/a/202504/15/...
end of page ofac.treasury.gov/recent-actio...
January 17, 2025 at 8:05 PM
end of page ofac.treasury.gov/recent-actio...
The stories you can uncover through research.
This part made me giggle: "This was the first hacker attack in my life, and my teacher was my own hormones."
This part made me giggle: "This was the first hacker attack in my life, and my teacher was my own hormones."
January 11, 2025 at 3:11 PM
The stories you can uncover through research.
This part made me giggle: "This was the first hacker attack in my life, and my teacher was my own hormones."
This part made me giggle: "This was the first hacker attack in my life, and my teacher was my own hormones."
Executives of i-Soon, whose leaked internal files this year exposed its role in state-sponsored espionage, discussed accessing Tianfu Cup vulns, confirming the competition's role as a likely feeder system for security agencies.
("Same Same, but Different" by @winnona.bsky.social)
5/6
("Same Same, but Different" by @winnona.bsky.social)
5/6
December 16, 2024 at 1:35 PM
Executives of i-Soon, whose leaked internal files this year exposed its role in state-sponsored espionage, discussed accessing Tianfu Cup vulns, confirming the competition's role as a likely feeder system for security agencies.
("Same Same, but Different" by @winnona.bsky.social)
5/6
("Same Same, but Different" by @winnona.bsky.social)
5/6
The process of feeding hacking contest vulnerabilities to security agencies is explicitly stated in China's own directive on hacking competitions (2018). (Text from "Capture the (red) flag" report, coauthored this year with @dakotaindc.bsky.social)
2/6
2/6
December 16, 2024 at 1:35 PM
The process of feeding hacking contest vulnerabilities to security agencies is explicitly stated in China's own directive on hacking competitions (2018). (Text from "Capture the (red) flag" report, coauthored this year with @dakotaindc.bsky.social)
2/6
2/6
"It is normal to strengthen technical exchanges and promote scientific and technological innovation"...
"by harnessing hacking contest vulnerabilities for strategic use by security agencies*"
There, fixed it for them.
Analyses backing this up 👇 (1/6)
(Source: www.newsweek.com/us-indicts-h...)
"by harnessing hacking contest vulnerabilities for strategic use by security agencies*"
There, fixed it for them.
Analyses backing this up 👇 (1/6)
(Source: www.newsweek.com/us-indicts-h...)
December 16, 2024 at 1:35 PM
"It is normal to strengthen technical exchanges and promote scientific and technological innovation"...
"by harnessing hacking contest vulnerabilities for strategic use by security agencies*"
There, fixed it for them.
Analyses backing this up 👇 (1/6)
(Source: www.newsweek.com/us-indicts-h...)
"by harnessing hacking contest vulnerabilities for strategic use by security agencies*"
There, fixed it for them.
Analyses backing this up 👇 (1/6)
(Source: www.newsweek.com/us-indicts-h...)
China govt contractors like Elex (below) likely support state info ops by creating networks of fake accounts "to form online public opinion forces..on platforms like Facebook, Twitter, and YouTube." Understanding exactly how these work should be key to maintaining a healthy platform @safety.bsky.app
November 26, 2024 at 5:00 PM
China govt contractors like Elex (below) likely support state info ops by creating networks of fake accounts "to form online public opinion forces..on platforms like Facebook, Twitter, and YouTube." Understanding exactly how these work should be key to maintaining a healthy platform @safety.bsky.app
In China, where the military-civilian divide is blurred, hacking contests and bug bounty programs help assess the strength of its offensive cyber ecosystem.
This graph shows my understanding of it.
Insights in short thread: threadreaderapp.com/thread/17964...
Full Report: shorturl.at/WsjFa
This graph shows my understanding of it.
Insights in short thread: threadreaderapp.com/thread/17964...
Full Report: shorturl.at/WsjFa
June 4, 2024 at 8:05 AM
In China, where the military-civilian divide is blurred, hacking contests and bug bounty programs help assess the strength of its offensive cyber ecosystem.
This graph shows my understanding of it.
Insights in short thread: threadreaderapp.com/thread/17964...
Full Report: shorturl.at/WsjFa
This graph shows my understanding of it.
Insights in short thread: threadreaderapp.com/thread/17964...
Full Report: shorturl.at/WsjFa
New CSS at @ethzurich.bsky.social Cyberdefense Report “From Vegas to Chengdu: Hacking Contests, Bug Bounties, and China’s Offensive Cyber Ecosystem” is out: css.ethz.ch/content/dam/...
May 30, 2024 at 8:58 AM
New CSS at @ethzurich.bsky.social Cyberdefense Report “From Vegas to Chengdu: Hacking Contests, Bug Bounties, and China’s Offensive Cyber Ecosystem” is out: css.ethz.ch/content/dam/...