
> Notably, the C2 IP 110.42.4.180 that the malicious Netfilter driver connects to belonged to Ningbo Zhuo Zhi Innovation Network Technology Co., Ltd, according to WHOIS records.

> The U.S. Department of Defense (DoD) has previously marked this organization as a "Communist Chinese military company," another researcher @cowonaut observed.

Tried to check the claim, which links to http://www.defense.gov/Newsroom/Releases/Release/Article/247.... There are four short PDFs linked there, and I couldn't find the company in any of the lists. Tried to check historical versions on Internet Archive, still couldn't find anything, but admittedly I only looked briefly. "site:defense.gov Ningbo Zhuo Zhi" turned up nothing on Google.

Now, the WHOIS record points to nbgaofang.com, which claims to be a cloud provider specializing in DDoS protection, so a Cloudflare of sorts.

Do reporters actually read what they link? Do they intentionally report “juicy” bs with sham links that don’t support the bs, knowing full well that few readers would try to verify sources?



These are the US trademarks for "Ningbo Zhuozhi Innovation Network Technology Co.,Ltd." (one less space):

* https://uspto.report/company/Ningbo-Zhuozhi-Innovation-Netwo...

There may be something lost in transliteration, or the DoD may have listed the parent (holding) company.


Sure, there’s nothing for one less space either, or anything close.

> or the DoD may have listed the parent (holding) company

Like which one? I think it’s the reporter’s job to find out. Posting a link implying something’s there when there’s actually nothing is garbage reporting at best and malicious at worst.

Here's a more likely explanation though. The "security researcher" quoted saw AS56041 China Mobile communications corporation in WHOIS, which is actually listed by DoD, rather than the aforementioned company. However, that's just the backbone provider; attributing based on that is kind of like attributing a U.S. C2 server to Hurricane Electric. The "security researcher" should probably stay away from the attribution game if they can't recognize backbone providers.


> Like which one? I think it’s the reporter’s job to find out.

I don't disagree. If you feel strongly about it:

* https://www.bleepingcomputer.com/author/ax-sharma/



