Cyber Threat Researcher at TeamT5
Yi-Chin Chuang is a cyber threat researcher at TeamT5. She is passionate about reverse engineering and malware analysis. Her current research focuses on APT threats within the APAC region. She has shared her research findings at Underground Economy, JSAC, CYBERSEC, and TAS.
In recent years, Chinese state actors have exploited more zero-day vulnerabilities than all other nations combined. This surge reflects a deliberate policy shift since 2018, when China began systematically collecting vulnerabilities and treating them as national assets. In line with this strategy, we have identified an emerging Chinese state actor, KnockHuodou (UNC4841), that specializes in vulnerability exploitation. Their expertise in pwning, binary exploitation, and reverse engineering has enabled some of the most sophisticated compromises. This presentation will reveal our research on KnockHuodou in 2024. We will start by introducing KnockHuodou and their recent campaigns, particularly their exploitation of zero-day vulnerabilities in edge devices. Next, we will present case studies to highlight the evolving threat they pose. KnockHuodou serves as a vivid example of how China-nexus actors can draw on centralized vulnerability research in their cyberattacks. In the last part of the talk, we will conclude with the key implications of our understanding of KnockHuodou and of how it represents emerging Chinese cyber threats. As the saying goes, know the enemy and know yourself, and in a hundred battles you will never be in peril. We believe that intelligence is the best key to defense.