Chengdu: Teahouses, Hotpots, Universities and … Hackers
Chengdu’s leisure lifestyle, education and talent resources have contributed to the city becoming a hacking hub
In the past 20 years, a variety of cyber threat intelligence (CTI) analyses have pointed out that Sichuan Province is a “known hot spot for hacking” and that Chengdu, the capital of Sichuan Province, has “become a hub for Chinese advanced persistent threat (APT) activity.” From late 2023 to 2024, “Chengdu” has appeared in research and analysis reports from Natto Thoughts close to 200 times. The Natto Team’s “obsession” with Chengdu led us to be among the first to identify publicly that Chinese information security company i-SOON was linked with China-based threat group APT41 and likely worked for the state as a hacker-for-hire. Besides i-SOON, the Natto Team has also discussed some Chengdu-based companies, such as Chengdu 404, the company behind APT41; the US Department of Treasury-sanctioned Sichuan Silence Information Technology company; and the rising Chengdu tech-star company NoSugar Tech. Lastly, we gave a full review of the Chengdu-based hacking competition Tianfu Cup 2023. Our obsession with Chengdu as a hub for hacking makes us want to know more about Chengdu.
Several years ago, the Natto Team reviewed a blog project named Facts and Details which, since the 1990s, has been a World Atlas style source for country and city profiles. Facts and Details has a fascinating Chengdu page (last updated in July 2020) with information about the city that potential travelers might find useful, such as transportation, sights, tea houses and food in Chengdu. The Chengdu page also includes a section - “Chengdu Hackers.” Obviously, like-minded researchers other than the Natto Team thought Chengdu hackers deserved a section in the Chengdu city profile. Inspired by Facts and Details’ Chengdu page, the Natto Team would like to dig deeper to understand why Chengdu has become a hub for hacking. We discovered that Chengdu’s laid-back atmosphere and rich higher education resources seem to be two of the many factors that attract the hacking scene.
Chengdu: the City of Leisure - Teahouses and Hotpots that Everyone Enjoys, Including Hackers
Chengdu has become a city to escape to because of its distinctive geographic, social and cultural environment. A popular online saying goes “Chengdu is a city that once you come you don’t want to leave.”
Chengdu, the capital city of Sichuan Province in Southwestern China, is the fourth most populous city in China with a population of over 20 million.[1] Sichuan Province is a mountainous region with 622 named mountains, as described by Li Bai, the famous Tang dynasty poet from Sichuan - “the daunting route into Sichuan is more daunting than climbing the sky” (蜀道难难于上青天). However, Chengdu is located in the fertile Chengdu Plain (成都平原) region and was historically called the “Country of Heaven” or “Land of Abundance” (天府之国). The city is also known as the city of leisure. Although Chengdu is still a populous city, people there generally have a laid-back attitude compared with those in the first-tier metropolitan cities.[2] A popular Internet meme of “fleeing from Beijing, Shanghai, Guangzhou, and Shenzhen, and moving to Chengdu,” which appeared a decade ago, reflects that many working-class people are tired of high living costs and the lack of work-life balance in China’s first-tier cities and look for a relaxing and cost-effective lifestyle in Chengdu. In particular, with the tang ping (躺平, meaning “lying flat” in English) movement, which took off during 2021, many young people were taking a break from relentless work and looking for lower stress and a simpler lifestyle. Moving to Chengdu seemed like a great option.
When Chengdu is mentioned, many think fondly of the city’s teahouses and hole-in-the-wall restaurants, which have a special name: fly restaurants (苍蝇馆子). Visiting teahouses in Chengdu is not only for enjoying tea but is also a social activity for locals. Families and friends meet in teahouses and can spend hours drinking tea, playing board games, or just relaxing. Fly restaurants provide authentic and delicious local food at reasonable prices and are conveniently located on every corner of the city. In fact, the United Nations Educational, Scientific and Cultural Organization (UNESCO) named Chengdu the “City of Gastronomy” in 2011. UNESCO praises Chengdu as “the cradle and development place of Sichuan Cuisine” and “the openness and inclusiveness” of its food scene. Chengdu as a “City of Gastronomy” is “full of creativity and innovation” and “full of cultural forms and activities” that liven the food culture. As Sichuan Cuisine goes, Sichuan hotpot is a one-of-a-kind meal. It is often consumed in a group setting, with a steaming pot of spicy broth and a variety of meats and vegetables: guests gather around the hotpot and cook the ingredients in the hot broth while the hotpot continues boiling. Guests can cook the food to their own liking, take it out of the pot once it is cooked, and dip it in a dipping sauce to enjoy.
Based on the Natto Team’s research, hackers in Chengdu seem to love hotpot meals. Hotpot restaurants are often their go-to places for gathering or for meeting clients, business partners or even journalists. In 2007, Time Magazine journalist Simon Elegant interviewed a well-known Chinese hacker, Tan Dailin. Back then, Tan was in his early 20s; later, in 2020, the US Federal Bureau of Investigation (FBI) placed him on a wanted list with three other members of APT41. Tan was accompanied by seven of his buddies from the Network Crack Program Hacker (NCPH) group, in a hotpot restaurant in Chengdu. After lots of beer, which is probably the best beverage to accompany a hotpot meal, members of the NCPH showed their hacker spirit when they were asked if they might hack for money, and responded that “the real hackers keep their heads down, finding network loopholes, write killer programs and live off social security,” and they would not do it “for a name or money.” Although the hacker spirit is inspiring, the reality is not. Tan had taken payment from “an unknown company or entity” for hacking in 2006 and prior. In 2019, a report from Mandiant (now part of Google) disclosed that threat group APT41, of which Tan was a member, conducted financially motivated activity for personal gain while continuing its cyber espionage operations from 2012 to 2019.
The leaked documents from i-SOON in 2024 also showed hackers’ love of hotpot. On one occasion, i-SOON executives proposed a 200-person hotpot party for a company event. Hotpot dinners had been the choice of i-SOON employees and their clients in multiple chatlog conversations.
The leisurely pace of life with teahouses and hotpot restaurants is unique to Chengdu. It seems that exchanging ideas, building networks, and initiating collaborations happen in many of Chengdu’s hotpot restaurants and teahouses – the informal meeting places.
Chengdu: Plenty of Universities and Talents, Including Hacker Talents
Chengdu as a hacking hub benefits from science and technology focused universities in the city. Chengdu is among the top 10 cities in China with the most universities and colleges. As of the end of 2022, the data from the municipal government of Chengdu showed that the city had a total of 65 universities and colleges. Chengdu is home to several prestigious universities and technical institutes, including Sichuan University, Chengdu University of Information Technology (CUIT), University of Electronic Science and Technology of China (UESTC) and Chengdu University of Technology. These universities produce a steady stream of skilled engineers and programmers. China’s 2023 Cybersecurity Industry Talent Report, which was based largely on data from Chinese online recruitment services provider Zhaopin, indicated that Chengdu was right behind Beijing, ranking as the 2nd city where the most cybersecurity talent resides, followed by Shenzhen and Shanghai. These cybersecurity talents provide ample human resources for local information technology companies.
Previously, the Natto Team, other researchers and cybersecurity firms have identified that several Chengdu-based Chinese APT groups have had close ties with local universities. For example, several members of APT41 attended Sichuan University. Chengdu 404, the company behind APT41, provided internships and scholarships to students from Sichuan University and Chengdu University of Information Technology (CUIT). A well-established relationship with local universities also brings business to these companies. The i-SOON leaks disclosed that i-SOON provided its cyber range platform to CUIT for the cost of around US$853,000. i-SOON executives expected the CUIT cyber range project to go well and the company to market its cyber range platform to other universities. In the meantime, universities have provided talent pipelines for hacker-for-hire companies, and in a few cases local universities didn’t mind trying out their skills in threat campaigns. Published in October 2024, the “Pacific Rim” report series from the United Kingdom (UK)-based company Sophos identified Chengdu-based Sichuan Silence Information Technology and the University of Electronic Science and Technology of China (UESTC) in Chengdu as being involved in the threat campaigns against Sophos’ firewalls and other perimeter devices for five years.
No doubt, Chengdu is a very charming city that draws talent. However, Chengdu becoming a hub for hacking was not a random case. It builds on the city’s rich hacker culture, ample educational opportunities and talent resources. In addition, of course, gathering at a teahouse and sitting around a table for a spicy hotpot dinner with cold beer can make ideas flow freely, help networks build easily, and allow collaborations to occur naturally – and sometimes hacking happens.
[1] The top four most populous cities are Chongqing (31.91 million), Shanghai (24.87 million), Beijing (21.86 million), and Chengdu (21.302 million) as of 2023.
[2] China’s first-tier cities are Beijing, Shanghai, Guangzhou, and Shenzhen. These cities are considered the most developed in China and are known as the country’s megapolises. They are large, densely populated, and have a significant economic, cultural, and political influence. For details of China’s city-tier classification, see this China Briefing article.
A great piece! Missing one of my favorite cultural notes of Chengdu, though. It is also China’s queerest city!