• intelshill@lemmy.ca
    link
    fedilink
    arrow-up
    14
    arrow-down
    10
    ·
    9 months ago

    This is either a state actor operating under a fake name or it deserves to be one.

    The perpetrator, “Jia Tan,” let’s assume has last name 陈. In Mandarin, this is pronounced as Chen, in Hong Kong as Chan, while in Minnan this is pronounced as Tan. Minnan is prevalent in Taiwan, Singapore, Malaysia, Indonesia, and other southeast Asian countries as well as in parts of Fujian, China (where it originated).

    A common feature of early Chinese expat communities was that they were overwhelmingly from Guangdong (think Gold Rush era). However, more recently, there’s been a massive wave of Taiwan and Hong Kong emigration… The relevant takeaway here is that Tan is much more common of a pronunciation in expat communities than it is in China.

    Of course, they could also have the last name 谭, but that’s a good bit rarer. 陈 is the most common Chinese surname overseas and the 5th most common in China, while 谭 is something like 54th most common in China. Odds are high that, if this was a persona constructed by a state actor, it did not come from China but from an overseas actor for which Tan is a more common romanization.

    • krolden
      link
      fedilink
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      9 months ago

      What makes you think thats actually their name?

    • mlg@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      2
      ·
      9 months ago

      This makes sense, but the implementation itself was also kind of sloppy. I think it was bound to be found sooner or later, which seems oddly unlikely for an APT that would spend more time and effort hiding it.

      I wouldn’t expect China, NSA, or any big name APT to be behind this.

      I wonder if it was really a state actor or actually just a random blackhat group trying to gg ez a backdoor.

      • intelshill@lemmy.ca
        link
        fedilink
        arrow-up
        8
        arrow-down
        1
        ·
        9 months ago

        Way too big of a target for a black hat group imo. It was only sloppy because they got caught.

        The length of this project points to external funding.