top of page
  • Writer's pictureEPCYBER

CTI Vendors Lack of visibility on China's Threat Landscape

Many Western Cyber Threat Intelligence firms and vendors frequently struggle to successfully detect threats inside the complex Chinese cyber ecosystem, that's a fact, even if you got the linguistics covered, it doesn't mean you produce valuable CTI from Chinese dark web forums and markets. But why it's still such a challenge today? and why linguistics doesn't always help?

Image by - 23rd oct 2023

We are releasing a new resource book for our Chinese OSINT Investigator : Breaking the Barriers course
This includes all resources for those of you monitoring cyber-crime and cyber threats originating from China, monitoring discussion and targeted chatter, new tools, malware, exploits, vulnerabilities discussions, technologies, scripts, ransomware, as-a-service, hacking, fraud, scam, ATO, different types of threats related to different industries today that are an interest to Chinese threat actors.
We provide to you Chinese hacker forums, communities, unique resources and groups an communication channels that are not as conventional where you can identify this activity, closed groups and resources, discussion boards, news boards, blogs, dark web forums, dark web
Also, you're getting Chinese hacker slang, keywords, phrases, guided case scenarios with visuals, examples, how to search, where to search, how to approach finding new sources, and all things much needed to fill the gap for CTI companies today in the Chinese cyberspace.

The thing is, language skills won't always help CTI to be of value

- Threat actors operations and the ecosystem have changed over the years, today you mostly won't find them mentioning company names directly, when they sell compromised databases.

- Identifying threat data is an art, it's about out of the box thinking, "thinking like the threat actor", thinking creatively and understand that threats may not always reside in the "open" and "publicly or easily accessible" resources.

- Threats from the public and open sources to which you simply require to register is in our eyes simply a basic resource, nothing special about it's value, something anyone can have, anyone can access.

- The issue today is that most CTI vendors are focused on the wrong sources, that's a fact, if you take majority of the 99% of TIPs or dark web aggregators, these have the most basic source coverage and scraping abilities, that's also a fact.

- Linguistics is not everything when talking about threat identification, you gotta know how to blend the CN hacker ecosystem know how with technical skills, that's inevitable.

- This is why today, in the current landscape there are a lot of gaps in delivery of valuable reports to clients, about their full threat "picture".

- Recently we've witnessed a lot of Western dark web forums being shut down by authorities, like Raid, Breached, Genesis, because of these changes, Western threat actors may be discouraged from using such "easily monitored" platforms and instead turn to Chinese-language discussion boards.



Related Posts

See All


bottom of page