Are you keen to hack and take management of Chinese language web sites for a random individual for as much as $100,000 a month?
Somebody is making exactly that tantalizing, weird, and clearly sketchy job provide. The individual is utilizing what seems like a collection of pretend accounts with avatars displaying pictures of engaging ladies and sliding into the direct messages of several cybersecurity professionals and researchers on X within the final couple of weeks.
“We’re recruiting webshell engineers and groups to penetrate Chinese language web sites worldwide, with a month-to-month wage of as much as $100,000. In case you are , you may be part of our channel first,” learn the message, which included a hyperlink to a Telegram channel.
For some motive, I additionally obtained this message from an X account named “Have a look at my homepage,” which had a username, @JerelLayce88010, that seemed prefer it was randomly generated.
After I adopted the hyperlink, I used to be capable of see the admin of the channel, somebody who goes by the identify “Jack” and has an AI-generated avatar of a pirate.
“Are you proficient in penetration expertise?” Jack requested me.
I’m not, however I requested Jack to inform me extra about their objectives.
“Get webshells from Chinese language registered domains. There isn’t any particular goal. So long as the area is registered in China, it’s our goal vary,” mentioned Jack, referring to web shells, packages or scripts that hackers can use to manage hacked net servers. “It’s good to perceive China’s CMS” — referring to content material administration techniques, the software program that runs the backends of internet sites — “discover loopholes, and be capable to acquire webshells in batches. There isn’t any higher restrict to the quantity we’d like. The extra the higher. It is a long-term job. We will set up long-term cooperation.”
Sure, however crucially, why?
“What I want is China’s site visitors,” Jack mentioned, maybe shedding endurance with my questions.
OK, however for what?
At this level, Jack positively bought uninterested in my questions and gave me an project: Get me three net shells on any area registered in China so I do know you will have the talents. Generously, Jack provided me $100 for every hacked area.
Alas, I nonetheless don’t have the talents to try this, nor the willingness to interrupt the regulation. As an alternative I stored asking questions, together with who Jack was working for. “Indian authorities,” Jack responded, though in a subsequent chat Jack contradicted that, blaming computerized translation, which they mentioned they have been utilizing as a result of Chinese language is their first language.
I spoke to a number of the researchers who bought Jack’s unusual job provide, they usually have been additionally puzzled. No one mentioned they’ve gotten a malicious hyperlink, for instance, or suspicious questions that might point out some form of doxing or rip-off marketing campaign.
“I’m guessing it’s a troll [rather] than some severe menace actor,” mentioned s1r1us, a safety researcher who obtained a DM from certainly one of Jack’s sockpuppet accounts on X. “In the event that they need to rent high expertise this isn’t positively the way in which.”
The Grugq, a well known cybersecurity professional, informed TechCrunch that he has by no means seen something like this recruiting marketing campaign. “I’ve seen [people] asking dumb questions and spamming for varied cybersecurity-related issues,” he mentioned. “However by no means something just like the persistent, widespread, weird s— from this man.”
In accordance with The Grugq, maybe the objective is to contaminate folks inside China with malware, because it doesn’t make sense to make use of Chinese language domains to launch DDoS attacks or spam, as a result of that wouldn’t justify the excessive cost.
“I actually can’t consider wtf they’re doing,” The Grugq concluded. “It is mindless.”
And neither can anybody else, apparently. Godspeed, Jack, in no matter journey you’re embarking on.
China,cybercrime,cybersecurity,hackers,hacking
Add comment