Episode 14: Understanding Chinese Threat Actors with Naomi Yusupov of Cybersixgill

April 27, 2022


Cybersecurity involves various processes, and it takes the joint work of different intel specialists to thwart the plans of threat actors within the dark web. However, things become even more complex when dealing with hackers from isolated countries such as China. 

Therefore, it is critical for anyone interested in understanding how to approach Chinese threat actors or their working methods to learn more about the overall Chinese system, including the government and its policies. 

In this episode of Dr. Dark Web, our host Chris Roberts welcomes Naomi Yusupov. She is the Chinese Intelligence Analyst at Cybersixgill and, as Chris describes her, a wizard in her field.

The two discuss the difference between the Chinese digital space and the majority of the world, and demystify how the Great Firewall of China functions. They also touch upon the differences separating Chinese threat actors and other hackers and the importance of slang in their operations, whether on the clear or dark web. 

Podcast Expert

  • Name: Naomi Yusupov
  • What she does: Naomi is the Chinese Intelligence Analyst at Cybersixgill.
  • Company: Cybersixgill
  • Noteworthy: Naomi majored in Economics and East Asian Studies. She then focused on China and Chinese Studies. Naomi spent some time in Beijing, studying Mandarin and, as she says, “living and experiencing China,” which led her to the cybersecurity space.
  • Where to find Naomi: LinkedIn

Podcast Insights

🎙️ To understand how Chinese threat actors function, you must understand the entire system. As you may know, China has the Great Firewall, and as Naomi explains it, it is the Chinese government’s way to prevent foreign access to the Chinese digital space. Therefore, anyone interested in understanding Chinese threat actors’ modus operandi must first familiarize themselves with the government and its policies. “People interested in the dark web need to understand the ecosystem. First, you need to understand the different circumstances and the environment in which Chinese threat actors operate. And then, when you already understand this ecosystem, you know where to focus your resources.”

🎙️ Chinese threat actors use slang. Moreover, they have developed a system: when the government discovers a particular keyword, the threat actors replace it to keep their communication effective. So Naomi and her colleagues must stay on top of the changes happening in the threat actors’ communication to get relevant information at any given moment. “The key to slang is that it is constantly changing, because you have this kind of cycle of censorship and they come up with a slang word for some criminal activity and then the censors figure it out and then they have a new word.”

🎙️ If you want to approach Chinese threat actors, you must act as one of them. What differentiates Chinese hackers from others is that they operate on both the clear and dark web. Ideally, that makes them more reachable. However, if you want to connect with one of them, you must prove you speak the same language. “When interacting with Chinese threat actors, you need to use their phrases because if you’re gonna introduce yourself [with] a Google Translate version, they will know. You need to disguise yourself and try to think like a Chinese person and talk like a Chinese person on the streets. You need to engage with an unofficial language and terminology.”