Natto Thoughts

Natto Thoughts explores the multifaceted impact of global issues at the intersection of culture, technology, and security, through analysis, stories, and insights. It covers state-sponsored cyber operations, geopolitical tensions, digital governance, disinformation tactics, and the socio-political dynamics influencing cybersecurity practices and policies worldwide.

Cybersecurity, Geopolitical Tensions, Digital Governance, Disinformation, Cultural Dynamics, Technology Trends, Global Security Issues

The hottest Substack posts of Natto Thoughts

And their main takeaways
79 implied HN points 10 Apr 24
  1. Intrusion Truth has a track record of correctly identifying Chinese threat actors tied to APT groups, leading to US DoJ indictments.
  2. Their investigations typically start from findings in published threat-intelligence reports, from tips, and from surveys of science and technology companies in particular regions of China.
  3. Intrusion Truth's methods show that older research keeps its value, that community collaboration matters for threat hunting, and that a deep understanding of the threat environment is indispensable.
39 implied HN points 17 Apr 24
  1. Machine translation can mislead cybersecurity investigations: Russian hacker slang for Jabber is the word for 'toad', so a raw translation talks about toads instead of a messaging service. Dates are equally vital, since they anchor conversations and events to the context needed for analysis.
  2. Understanding cultural and linguistic nuances is key to interpreting original texts; for example, the Russian slang word for 'soap' means 'email'. Likewise the Russian word 'mir' means both 'world' and 'peace', so interpreting it requires the cultural and political context.
  3. Sharing original-language texts together with dates uncovers deeper insights, as the case study of the Conti ransomware group's leaked chats shows. Deep knowledge of language and culture is essential for comprehensive analysis.
79 implied HN points 03 Apr 24
  1. Navalny's death and funeral highlight his movement's evolution from Russian-chauvinist views and its connection to the Soviet dissident movement.
  2. Funerals have historically been used as opportunities for quiet protest and expression of political grievances in Russia, dating back to the Soviet era.
  3. Navalny's shift in policies towards support of Ukraine and Amnesty International's recognition of his evolving views showcase the capacity for change and growth within political movements.
199 implied HN points 28 Feb 24
  1. The leaked documents provide valuable insights into the business culture and practices of China's hacker-for-hire industry, showing the importance of connections and relationships in the pursuit of profits.
  2. The relationship between i-SOON and Chengdu 404 is complex, involving not just business partnerships but also competition, bid rigging, and sharing of tools and vulnerabilities.
  3. i-SOON's business struggles illustrate that the commercial hacking industry in China is profit-driven and reliant on navigating relationships and government policies to secure contracts and business opportunities.
159 implied HN points 07 Mar 24
  1. A company's success heavily relies on hiring the right people and retaining them through competitive pay and employee-focused strategies.
  2. Business processes at i-SOON were dynamic and complex, involving partnerships, bid rigging, profit-sharing, and diversification to stay competitive.
  3. i-SOON's technology strategy focused on finding and exploiting vulnerabilities, although it faced challenges in developing its own exploits.
79 implied HN points 27 Mar 24
  1. Chinese hacker groups have historically displayed poor operational security, making mistakes and leaving evidence behind, even while successfully targeting critical infrastructure.
  2. The leaked i-SOON documents reveal the extensive involvement of private cyber security companies in China, indicating the government's reliance on external expertise.
  3. The effectiveness of the 'name-and-shame' strategy in compelling or deterring behavior of exposed Chinese threat actors appears limited, as seen with cases like Chengdu 404 and Goldsun.
79 implied HN points 20 Mar 24
  1. China has been implementing a policy to replace foreign software with domestic alternatives since at least 2013 due to security concerns.
  2. Leaked Russian military files revealed discussions of the conditions under which Russia might use nuclear weapons, including scenarios involving China, highlighting Russian concerns about China's intentions and illustrating Russia's approach to escalation.
  3. A leaked plan from the German military raised questions about cybersecurity and military communication deficiencies, emphasizing vulnerabilities and potential disinformation tactics in conflicts.
79 implied HN points 13 Mar 24
  1. The leaked materials from the Chinese information security company i-SOON exposed the targeting of Kazakh networks and the country's cyber vulnerabilities, and highlighted Kazakhstan's economic and political importance to China.
  2. Kazakh non-governmental cybersecurity experts criticize the government's cybersecurity efforts, pointing out weaknesses in infrastructure and the need for a separate, independent agency responsible for cybersecurity.
  3. Official responses from Kazakhstan avoid directly naming China in connection to the cyber-attacks, opting for diplomatic language and acknowledging foreign hacker activity without outright accusing a specific country.
99 implied HN points 09 Feb 24
  1. China's state-backed cyber threat group Volt Typhoon is targeting critical infrastructure in the US, showing a shift from espionage to preparing for destructive cyberattacks.
  2. Chinese cyber campaigns have evolved to focus on offensive operations like disrupting or destroying target organizations, in addition to traditional cyber espionage.
  3. China's interest in offensive cyber operations has been growing since at least 2000, involving the integration of military, government, and private sector resources to build offensive cyber capabilities.
219 implied HN points 27 Oct 23
  1. A lawsuit revealed potential business ties between Chengdu 404, the company linked to APT41, and Sichuan i-SOON, shedding light on the ecosystem of IT companies in which these hackers operate.
  2. Sichuan i-SOON has strong connections with universities, offers training programs, and possesses qualifications to work for state security, raising questions about its potential involvement in APT activities.
  3. The similarities between Sichuan i-SOON and Chengdu 404, along with i-SOON's capabilities in surveillance-related technologies, suggest a possible link to APT41 activities and other Chinese APT groups like RedHotel/Earth Lusca.
59 implied HN points 01 Feb 24
  1. Russia is projecting confidence in alliances with China and the Global South to undermine the West's dominance in the world financial system.
  2. China's support for Russia has limits, and Chinese intentions may not align with Moscow's grandiose visions.
  3. Russian information warfare strategy focuses on influencing enemy populations and governments to disrupt their ability to resist aggression, with a shift toward proxy operations and strategic use of social media influencers.
59 implied HN points 26 Jan 24
  1. China has not specified a timeline for taking over Taiwan, but maintains a firm stance on reunification, by force if necessary.
  2. Xi Jinping has made clear that he reserves the option of using force to achieve reunification with Taiwan.
  3. Speculation about potential timelines for Chinese military action against Taiwan is based on significant dates and goals, including 2027, 2035, and before 2049.
39 implied HN points 15 Feb 24
  1. A new report by Prodaft sheds light on the intricate world of Russian cybercrime communities, revealing relationships among prominent hackers including Mikhail Matveev.
  2. Matveev, also known as Wazawaka, plays a significant role in leading a cybercriminal team orchestrating ransomware attacks, showcasing the dynamic and unethical practices within the ransomware ecosystem.
  3. Prodaft's report unveils Matveev's connections to other cybercriminal groups, such as Babuk and EvilCorp, underscoring the complex relationships and betrayals within the Russian cyber underground.
79 implied HN points 30 Nov 23
  1. Disinformation involves spreading false or misleading information to manipulate and deceive people, which can have serious consequences like ruining reputations, provoking violence, or affecting elections.
  2. Different terms like disinformation, misinformation, and malinformation have specific definitions and reflect various tactics used in information operations.
  3. Information operators use a wide range of tactics, such as algorithmic manipulation, amplification through social media, and false personas to influence public opinion and behavior.
39 implied HN points 18 Jan 24
  1. Timothy Snyder promotes the 'Politics of Responsibility' as a way to address political anxieties and avoid complacency.
  2. Snyder emphasizes the importance of defending institutions like the free press and democracy, even in the face of imperfections and challenges.
  3. Cultivating hope involves helping others, living in the present, seeking quiet signs of progress, and building community connections to strengthen societal bonds.
19 implied HN points 22 Feb 24
  1. Matveev, a.k.a. Wazawaka, of the Babuk ransomware group aligns his attacks with Russian strategic interests, suggesting a possible connection to the Russian state.
  2. The Russian government views IT experts and hackers as valuable assets and can use them as a deterrent against adversaries, as seen in battles over extradition and state-coordinated cyber operations.
  3. Ransomware criminals like Matveev may mix financial motives with political considerations, choosing victims and timing attacks to align with state goals, as seen in the Babuk attack on the DC Metropolitan Police Department and the ransomware attacks on Costa Rica.
79 implied HN points 16 Nov 23
  1. China's Tianfu Cup hacking competition has evolved from focusing on foreign products to including more domestic products as targets, sparking concerns among Western companies and security experts.
  2. The Tianfu Cup 2023 rules added new sections on the exploit-demonstration review process and on responsible vulnerability disclosure, signalling that following responsible-disclosure procedures now matters within the competition.
  3. In Tianfu Cup 2023, two teams successfully hacked VMware products, winning the top awards, although the competition results did not provide much detail on other attempts on domestic targets.
39 implied HN points 11 Jan 24
  1. Taiwan's 2024 Presidential Election focuses on identity, China relations, and economic well-being, with China attempting to influence the outcome through information operations.
  2. US-China military talks resumed with tension over Taiwan remaining a core issue, indicating China's unwavering stance on Taiwan despite the talks.
  3. Putin's rule in Russia shows signs of fragility with declining support for the war in Ukraine, mysterious deaths, and corruption within law enforcement agencies, signaling potential instability.
1 HN point 24 Apr 24
  1. The acronym "TZ" found in the leaked i-SOON documents most plausibly stands for a term such as special investigation or special reconnaissance; whatever its exact expansion, it matters to Chinese public security bureaus, which points to its role in network security work.
  2. TZ is a Pinyin-initial abbreviation, so its candidate expansions are Chinese phrases whose syllables begin with T and Z, for example 投资 (tóuzī, investment), 特侦 (tèzhēn, special investigation), a special-military term, or other relevant phrases.
  3. Companies like i-SOON have found business opportunities in offering products and training for network investigation and reconnaissance, indicating strong demand for such capabilities among Chinese public security bureaus.
99 implied HN points 15 Sep 23
  1. The August 2023 disruptions of Poland's train system raise concerns about the vulnerability of critical infrastructure.
  2. The incidents look like amateurish sabotage: the "radio-stop" command that halts trains is broadcast unauthenticated over analog VHF radio, so anyone with a cheap transmitter on the right frequency can trigger emergency braking, and that is what appears to have happened.
  3. The Polish railroad incidents underscore why the transition from such legacy analog systems to authenticated digital ones, such as GSM-R, matters for preventing this class of attack.
59 implied HN points 09 Nov 23
  1. The Mideast conflict benefits Russia through distracting the West from supporting Ukraine, undermining US efforts in the Middle East, and increasing disillusionment with the West among Global South countries.
  2. The conflict could lead to a rise in oil prices, boosting Russian government revenues, while tarnishing Israel's image as a model for Ukraine.
  3. Passionate disagreements over the Mideast conflict within the political left worldwide play into the hands of Russia by weakening Western countries and inflaming internal discord.
39 implied HN points 14 Dec 23
  1. Understanding concepts and tactics associated with disinformation is crucial in countering its harmful effects.
  2. Detecting disinformation and avoiding manipulation involves learning from organizations and individuals who are actively working against it.
  3. Accessing resources such as handbooks, guides, and reports can provide valuable insights and strategies for countering and combating disinformation.
59 implied HN points 06 Oct 23
  1. Apple faced challenges complying with Chinese regulations, leading to restrictions on its business in China, despite its efforts.
  2. US defense officials have revised assumptions about cyber warfare, realizing that cyber attacks may be less impactful in shooting wars than previously thought.
  3. A Chinese programmer had their earnings from GitHub confiscated by a local public security bureau for using a VPN, sparking concerns about the impact on professionals who rely on VPNs for work outside China.
59 implied HN points 29 Sep 23
  1. China has shifted the practice of public cyber attribution from cybersecurity companies to government-led initiatives.
  2. Multiple Chinese government agencies, particularly the Ministry of State Security, are now actively involved in public cyber attribution against the US.
  3. China has increased the intensity and pace of public cyber attribution in 2023, calling out alleged US hacking activities several times and mirroring Western practices.
79 implied HN points 18 Aug 23
  1. The coexistence of Ukrainian and Russian languages reflects a historical colonial relationship between Russia and Ukraine, where bilingualism now gives Ukrainians an edge in understanding Russian aggressors.
  2. The Russian language has become triggering for some Ukrainians due to traumatic experiences during the ongoing conflict, leading to a shift away from using Russian in favor of embracing Ukrainian identity.
  3. Attitudes towards language in Ukraine are complex: support for Ukrainian is growing, yet both Ukrainian and Russian speakers promote Ukrainian in public life, reflecting an inclusive civic definition of Ukrainian identity rather than an ethnic one.
39 implied HN points 02 Nov 23
  1. The Mideast crisis impacts Russia and cyber warfare is playing a significant role in the conflict.
  2. Disinformation is rampant in the Mideast conflict, leading to widespread confusion and misinformation.
  3. Chinese authorities are investigating foreign-linked meteorological detection sites over espionage worries, while China celebrates the Belt and Road Initiative's 10th anniversary.
79 implied HN points 20 Jul 23
  1. Ukraine faces a massive task of rebuilding post-war, with estimates ranging from $349 billion to $1 trillion, involving extensive economic, social, and political challenges.
  2. The role of civil society in Ukraine's recovery is crucial, with innovative initiatives like solar power projects and sustainable reconstruction efforts playing a significant part in the country's rebuilding process.
  3. To tackle corruption in Ukraine, anti-corruption reforms are essential to build investor confidence while ensuring funds are used effectively and sparking progress towards a more transparent and accountable future.
19 implied HN points 21 Dec 23
  1. The Natto Team will take a few weeks off to spend time with family and friends and will resume the newsletter in January.
  2. A video about the Power of Natto is shared for fun during the break.
  3. Readers are encouraged to subscribe for free to receive new posts and support the Natto Team's work.
99 implied HN points 12 May 23
  1. Qihoo 360 is developing an AI tool called 360GPT that could potentially enhance China's cyber defense capabilities.
  2. Zhou Hongyi, the founder of Qihoo 360, is actively embracing AI technology to strengthen cybersecurity in China and prepare for cyber warfare.
  3. There are tensions between the US and China in the cyber realm, with Qihoo 360 openly calling out US hacking activities and emphasizing the need for national preparedness in cyber warfare.
59 implied HN points 11 Aug 23
  1. The US is facing setbacks in extraditing suspects from Russia, with decisions repeatedly delayed.
  2. Japan's Defense White Paper has upset China by calling Chinese military activities a strategic challenge.
  3. Vulnerabilities found in the Sogou input method, widely used in China, raise concerns about eavesdropping on keystrokes and Chinese government monitoring.
19 implied HN points 07 Dec 23
  1. The post discusses disinformation and how it can harm individuals and society.
  2. Tips are provided to detect and avoid disinformation, including advice on how to investigate sources and spot deepfakes.
  3. Various professionals like litigators, intelligence analysts, fact-checkers, and historians, provide valuable insights for countering disinformation.
39 implied HN points 01 Sep 23
  1. Chinese criminal groups have rapidly expanded cyber scam operations targeting victims worldwide, utilizing tactics like false romantic ploys and false investment schemes.
  2. The cyber scam industry in China has become industrialized, professionalized, and involves cross-border operations, employing professionals, leveraging gray technology development industry chains, and exploiting corrupt insiders.
  3. To avoid falling victim to cyber scams, it's crucial to be vigilant, use common sense, and verify offers that sound too good to be true.
39 implied HN points 25 Aug 23
  1. The BRICS Summit is significant for China, showcasing their strong interest in expanding cooperation with other countries.
  2. American peace activists have differing views on the Russia-Ukraine conflict, highlighting divisions within the peace advocacy community.
  3. Russians are finding creative ways to access content like pirated Barbie movies amidst government bans, showing a desire for diverse narratives.
39 implied HN points 28 Jul 23
  1. Russian disinformation has involved staged stories using crisis actors to justify the invasion of Ukraine.
  2. Henry Kissinger's visit to China signals US efforts to improve relations and China's strategic messaging.
  3. The implementation of China's Law on Foreign Relations strengthens China's global influence and emphasizes China-centric order.
39 implied HN points 07 Jul 23
  1. China's lack of interest in military communication with the US is driven by its obsessive focus on solving the Taiwan issue in its own interest, highlighting the core importance of the Taiwan question in US-China relations.
  2. US-China military communication breakdown reflects cultural differences, with China refusing to engage due to perceived disrespect and lack of favorable conditions, showcasing the significance of mutual respect in cross-cultural communication.
  3. China's confidence in its military power, particularly in relation to Taiwan, influences its reluctance to engage in military talks with the US, indicating growing Chinese assertiveness and the importance of open communication channels despite tensions.
19 implied HN points 13 Oct 23
  1. Russian military hackers use hacktivist personas like Solntsepek to disrupt and demoralize by hacking and leaking data to discredit Ukraine's government.
  2. The Solntsepek campaign exemplifies the GRU disruptive playbook, combining cyber attacks to damage institutions with information operations to boast of achievements and demoralize victims.
  3. Russian cyber-enabled information operations aim to sway elections; such operations are coordinated efforts between GRU hackers and state media to influence target populations and decision-makers.
39 implied HN points 02 Jun 23
  1. Diia app in Ukraine is a prime example of effectively utilizing international aid money and technical savvy to enhance digital governance and counter corruption.
  2. The app has evolved to support citizens during wartime, offering various tools for evacuation, financial support, and information dissemination.
  3. Ukraine's focus on transforming into a non-corrupt, modern state through initiatives like Diia reflects its determination to build a resilient, tech-savvy economy with potential for global export of innovative solutions.
19 implied HN points 22 Sep 23
  1. Horse therapy, like equine-assisted services, can provide respite and restoration for war-traumatized individuals, helping them project calm authority, boost self-esteem, and find moments of happiness.
  2. The disappearance of China's Defense Minister Li Shangfu raises questions about political and military implications under President Xi Jinping, potentially affecting US-China military communication.
  3. Russian cybercriminals and their Turkish counterparts are collaborating in Turkey, engaging in online scams and fraud that challenge the dominance of traditional cybercrime groups.
19 implied HN points 08 Sep 23
  1. Russian hackers, including one known as 'Bentley', used the Trickbot and Conti malware to steal funds, leading to indictments and sanctions from the US and UK.
  2. China's vulnerability disclosure regime funnels reported vulnerabilities to state bodies such as CNCERT/CC and the Ministry of Public Security, raising concerns that the state gains early access to unpatched flaws.
  3. Journalist Elena Kostyuchenko's suspected poisoning highlights the dangers faced by critical journalists in Russia; her book 'I Love Russia' is forthcoming.