Chinese criminal underground doubled between 2012 and 2013

Pierluigi Paganini September 06, 2014

An expert at Trend Micro published a new chapter of the Cybercriminal Underground Economy Series, analyzing the Chinese underground.

Chinese cybercrime underground activity is rapidly increasing: according to an interesting new report published by Trend Micro, it doubled between 2012 and 2013. The findings confirm that the amount of underground activity in China doubled with regard to both the number of participants and the product and service offerings.

Security experts are always concerned by state-sponsored operations, but the report highlights that politically independent cybercrime is growing in China.

“The barriers to launching cybercrime have decreased. Toolkits are becoming more available and cheaper; some are even offered free of charge. Prices are lower and features are richer. Underground forums are thriving worldwide, particularly in Russia, China, and Brazil. These have become popular means to sell products and services to cybercriminals in the said countries. Cybercriminals are also making use of the Deep Web to sell products and services outside the indexed or searchable World Wide Web, making their online “shops” harder for law enforcement to find and take down.” states Lion Gu in the report titled “The Chinese Underground in 2013”.

According to Trend Micro CSO Tom Kellermann, cybercrime has likely tripled compared with 2012, and cybercriminals are also targeting Chinese capitalists. While Chinese authorities are focused on high-profile cyber operations against foreign governments and are increasing their cyber capabilities to protect national infrastructure from attack by foreign states, the internal underground is growing as never before, motivated only by money and by the fact that cybercrime is difficult to prosecute.

China “has been focused externally… on information dominance and espionage,” “who are not beholden to the regime. They believe money is God and believe that crime has evolved with technology.” Kellermann says.

The analysis conducted by the experts is very interesting and quite similar to the one published last year on the Russian underground. The researchers have been continuously monitoring the Chinese underground market since 2011. By the end of 2013, the experts had analyzed more than 1.4 million instant chat messages related to activities in the market on the popular instant-messaging (IM) app QQ alone.

QQ Groups is a feature of an IM service provided by Tencent, which allows users to easily manage multiple chat groups.

[Image: Chinese underground QQ group]

Analyzing the popularity of the various products and services offered in the Chinese underground market, the expert noticed the greatest interest in the following three products/services:

[Image: Chinese underground QQ group 2]

As already explained in a previous report published by Trend Micro on Chinese cybercrime, the mobile underground market is the most prolific segment; the black market is focused on the sale/rent of products and services for cyber attacks on mobile platforms, mainly Android.

The report includes a price list for the above products. For example, an annual license for a RAT ranges from $97 to $258, while criminals could rent DDoS toolkits for $81 per month.

As reported in the table below, a DNS server attack costs only $323, and 10 GB of SYN packets per day goes for $161.


[Image: Chinese underground QQ group 3]


It is interesting to note some differences between the Russian and Chinese undergrounds: Chinese groups are more accessible to the general public than Russian ones, and the communication channels adopted by Chinese criminals are rarely hidden. But make no mistake, the level of sophistication of the threats is equally advanced and dangerous.

This report is a must-read for security experts … waiting for a new one on the prolific Brazilian underground market as well.


Pierluigi Paganini

(Security Affairs – Chinese underground market, cybercrime)
