Recent investigations into possible links between two individuals associated with recent cyber incidents have produced noteworthy findings. Cary, a researcher, examined two databases of Chinese names and collaborated with Yi Fuxian, a professor of Chinese demography at the University of Wisconsin–Madison. He found that the name Qiu Daibing (邱代兵) is quite rare, making it statistically unlikely to appear independently more than once. According to Yi, the surname 邱 accounts for only 0.27 percent of Chinese names, and its combination with the specific given name would reduce the likelihood even further.
On the other hand, the name Yu Yang (余洋) is more common. Cary theorizes that the co-occurrence of the names Qiu Daibing and Yu Yang, alongside similar skill sets and educational backgrounds, significantly diminishes the chance of this being mere coincidence. He posits that the statistical improbability of two individuals sharing a rare name, training through Cisco’s Networking Academy, and studying at the same university indicates a strong correlation.
Attempts to contact both Qiu Daibing and Yu Yang through LinkedIn and an email associated with Beijing Huanyu Tianqiong have not yielded any responses. Should Cary’s hypothesis be substantiated—that both men were trained under Cisco’s Networking Academy—it may not indicate a weakness within Cisco’s cybersecurity protocols. Instead, it highlights an unavoidable challenge stemming from the global accessibility of technology and training, even to entities that might leverage such knowledge for malicious purposes.
The situation becomes particularly critical given China’s persistent efforts to replace foreign technology, including Cisco equipment, with domestic products. Cary raises a pertinent question: “If China is actively seeking to exclude these foreign technologies from its networks, who remains interested in learning about them?” This dilemma underscores the complexities faced by cybersecurity professionals when grappling with the intricacies of international relations and tech training.
Moreover, John Hultquist, chief analyst at Google’s Threat Intelligence Group, highlights a concerning trend of restricted information-sharing from China with the global cybersecurity community. He notes that there is a lack of reciprocity in sharing findings, which further complicates collaborative defenses against cyber threats. “It’s like we’re in a sharing group, and they’ve made it clear they will not reciprocate,” Hultquist explains, emphasizing the one-sided nature of technological benefits in this context.
The implications of these findings touch several parts of the MITRE ATT&CK framework. The initial access tactic, which covers how adversaries penetrate systems, could potentially be relevant in this case, alongside persistence and privilege escalation. Such methods enable attackers to establish and maintain access to compromised systems, illustrating the sophisticated nature of contemporary cyber threats.
As the landscape of cybersecurity continues to evolve, understanding the connections between individuals involved in potential breaches becomes critical. Whether through statistical improbabilities or more tangible ties, these explorations inform the broader narrative of cybersecurity in a globalized world. As organizations face increasing sophistication in cyber threats, remaining vigilant to the complexities of their origins is paramount.