The names of two partial owners of firms linked to the Salt Typhoon hacker group also appeared in records for a Cisco training program—years before the group targeted Cisco’s devices in a spy campaign.
That laudable statement, however, reads a bit differently when the “destiny” of those students appears to be owning a majority stake in companies linked to one of the most successful Chinese state-sponsored hacking operations ever to target the West—and many of Cisco's own products.
That's the surprising conclusion of Dakota Cary, a researcher at cybersecurity firm SentinelOne and the Atlantic Council, who, like many security analysts, has closely tracked the Chinese state-sponsored hacker group known as Salt Typhoon. That cyberespionage group gained notoriety last year when it was revealed that the hackers had penetrated at least nine telecom companies and gained the ability to spy on Americans’ real-time calls and texts, specifically targeting then-presidential and vice presidential candidates Donald Trump and JD Vance, among many others.
Salt Typhoon has come to be known, in fact, for its sophisticated hacking of network devices—including those sold by Cisco, the world's biggest networking company. US government agencies have warned that the hackers exploited Cisco’s vulnerabilities to obtain user credentials and stealthily move through IT networks without planting malware on victims' machines that can be detected by typical security measures.
Now Cary believes he’s deduced where a couple of the individuals tied to Salt Typhoon's hacking spree may have learned a few of their skills. He found the names of two partial owners of contract firms linked to Salt Typhoon in a recent US government advisory about the group. Those names—Qiu Daibing and Yu Yang—also appeared in university records, showing that students with the same two names had, years earlier, placed in the Cisco Networking Academy Cup, a competition designed to test participants on the knowledge taught in Cisco's Networking Academy training program.
“It's just wild that you could go from that corporate-sponsored training environment into offense against that same company,” Cary says, describing his theory.
“You have two students come out of this Cisco Networking Academy, and they go on to help conduct one of the most extensive telecom collection campaigns that's ever been made public.”
When WIRED reached out to Cisco about Cary’s findings, the company responded in a statement that the Cisco Networking Academy is “a skills-to-jobs program that teaches foundational technology skills and digital literacy, helping millions of students obtain the skills to earn basic certifications for entry-level IT jobs each year,” adding that “this program is open to everyone” and has educated more than 28 million students in 190 countries since it launched in 1997. “Cisco remains committed to helping people around the world gain the foundational digital skills needed to access careers in technology and the opportunities they provide,” the company’s statement concludes.
While the Cisco Networking Academy offers a general education in IT networking—not limited to Cisco products—it does prominently feature “ethical hacker” courses, including penetration testing and security vulnerability discovery and assessment, though it's not clear if Qiu and Yu took those courses.
Cary's detective work that turned up Qiu and Yu's apparent participation in the Cisco Networking Academy began in September, when the Cybersecurity and Infrastructure Security Agency released an advisory in partnership with the FBI, the National Security Agency, and agencies in a dozen other countries that linked three companies to Salt Typhoon: Sichuan Juxinhe Network Technology, Beijing Huanyu Tianqiong Information Technology, and Sichuan Zhixin Ruijie Network Technology.
Cary began looking up corporate records for those firms and found that Qiu Daibing owned 45 percent of the shares of Beijing Huanyu Tianqiong, that Yu Yang held the other 55 percent of shares of that company, and that Yu also held 50 percent of the shares of Sichuan Zhixin Ruijie.
What's more, Qiu and Yu appear to have filed patents together, suggesting their involvement at Beijing Huanyu Tianqiong went beyond management to technical work, too.
Cary began googling the two men's names and found that two people with those names appeared together in a document posted to the website of the university they appear to have attended, Southwestern Petroleum University in China's Sichuan province. The record shows that individuals with both names placed in the Cisco Networking Academy Cup in 2012: Qiu Daibing and a teammate ranked third nationally across China and first in Sichuan. Yu Yang and another teammate ranked second in Sichuan.
Cary also spotted the LinkedIn page for a Qiu Daibing based in Sichuan who attended Southwestern Petroleum University and listed Ruijie Networks, a company with a different but strangely similar name to one named in the Salt Typhoon advisory, as his only “interest.”
To try to determine the probability of those name repetitions being a coincidence, Cary checked two databases of Chinese names and consulted with Yi Fuxian, a professor of Chinese demography at the University of Wisconsin–Madison. The name Qiu Daibing—or 邱代兵 in Chinese characters—turned out to be a relatively unlikely name to show up twice just by chance, he says. The surname 邱 alone, Yi confirmed to WIRED, represents just 0.27 percent of Chinese names, and in combination with the specific 代兵 given name would represent a far smaller percentage. The name Yu Yang is more common. But the two names appearing in association seems less likely to be a coincidence, Cary theorizes.
“The sheer improbability of somebody having this name also being paired with a Yu Yang, having this skill set and going to the same university in the same location where these companies are registered, it's just an incredibly small chance that these are not the right people,” Cary argues.
WIRED attempted to contact Qiu Daibing and Yu Yang via both Qiu Daibing's LinkedIn page and an email address on the website of Beijing Huanyu Tianqiong but received no response.
If Cary's theory that two men linked to Salt Typhoon were in fact trained in Cisco's Networking Academy is correct, it doesn't represent a flaw or security oversight in Cisco's program, he says. Instead, it points to a tough-to-avoid issue in a globalized market where technology products—and even training in the technical details of those products—are widely available, including to potential hacking adversaries.
Cary argues that the issue has only become more glaring, however, as China has tried for years to replace Cisco equipment and other Western devices in its own networks with domestic alternatives. “If China is moving in the direction of actually removing these products from Chinese networks,” Cary asks, “who's still interested in learning about them?”
China has, meanwhile, increasingly restricted its own information-sharing with the global cybersecurity community, points out John Hultquist, chief analyst at Google's Threat Intelligence Group, for instance, by pressuring security researchers not to present findings at international conferences.
“It's like we're in a sharing group, and they've told us straight to our face that they're not going to reciprocate,” Hultquist says. “We're benefiting them with our programs. But it's not going in the other direction.”
