Our last article left you on a cliff edge. What did we find on the dark web which proved so illuminating?
Well, it would seem things at Wuhan Xiaoruizhi are not all well.
We found a post, later redacted and then lost with the downfall of BreachForums, from someone who claimed to be a representative of a disaffected hacker selling the identities of 100 of their colleagues from an ‘elite hacking team’ in Wuhan.


The poster goes on to claim that Wuhan Xiaoruizhi was a cover company for MSS hacking activity in Wuhan. The company had a few teams working for the MSS, but in 2020, teams started working under new companies.

These are some astonishing claims, but at team Intrusion Truth we are nothing if not diligent and wanted to get to the bottom of this ourselves. Could we also link Wuhan Xiaoruizhi to the MSS? Could we link it to an APT?
One thing was for sure: Wuhan Xiaoruizhi deserved more of our attention. We searched far and wide for months to gather more information on who works or has worked there. Inspired by our success with Xiong Wang’s insurance record, we decided to widen the net. After months of effort, we found the gem we had been waiting for: the social insurance records for Wuhan Xiaoruizhi.
To spare the reader endless documents, we have collated as many names as we could find of people who have worked at Wuhan Xiaoruizhi:
Chinese | Pinyin |
曹锦芳 | Cao Jinfang |
常振 | Chang Zhen |
程鼎 | Cheng Ding |
程锋 | Cheng Feng |
顾成武 | Gu Chengwu |
侯强 | Hou Qiang |
胡嘉祥 | Hu Jiaxiang |
黄增辉 | Huang Zenghui |
黄震 | Huang Zhen |
黄振 | Huang Zhen |
李海青 | Li Haiqing |
李家诚 | Li Jiacheng |
李圣胜 | Li Shengsheng |
李义龙 | Li Yilong |
廖绪良 | Liao Xuliang |
刘晨成 | Liu Chencheng |
刘宏伟 | Liu Hongwei |
马欢 | Ma Huan |
唐星昭 | Tang Xingzhao |
涂梦 | Tu Meng |
万光灿 | Wan Guangcan |
王意军 | Wang Yijun |
魏耀斌 | Wei Yaobin |
熊旺 | Xiong Wang |
鄢文龙 | Yan Wenlong |
杨鑫 | Yang Xin |
苑红曦 | Yuan Hongxi |
张超锋 | Zhang Chaofeng |
张立业 | Zhang Liye |
赵光宗 | Zhao Guangzong |
周鑫 | Zhou Xin |
左鹤群 | Zuo Hequn |
And here are some examples of the documents which form the basis of this list:

Cheng Ding insurance record

Zhao Guangzong insurance record

Zhang Chaofeng insurance record

Xiong Wang insurance record
You might recognize some of the names on the larger list: 黄振 AKA Huang Zhen, 黄震 AKA Huang Zhen, and 李义龙 Li Yilong were also satisfied customers from Kerui Cracking Academy from Article 2. Don’t you just love it when things come full circle? Could it be that the ‘undisclosed private company working supporting the government’ Li Yilong claimed to work at is none other than Wuhan Xiaoruizhi itself? Could Kerui be a pipeline into Xiaoruizhi?
Beyond getting reacquainted with our old friends above, this list of employees provided a number of interesting leads. But one of the names cracked our case wide open. Meet Cheng Feng.
