Bizarre Hacking Campaign Targets Security Researchers

April 1, 2025

A Lucrative, Yet Suspicious, Job Offer Targeting Chinese Websites

An unusual and potentially illicit employment opportunity has surfaced, offering substantial compensation – up to $100,000 monthly – to individuals capable of hacking Chinese websites.

The Recruitment Tactics

The offer is being disseminated through X (formerly Twitter), utilizing fabricated accounts often featuring profile pictures of attractive individuals. These accounts are directly messaging cybersecurity professionals and researchers.

The initial message reads: “We are recruiting webshell engineers and teams to penetrate Chinese websites worldwide, with a monthly salary of up to $100,000. If you are interested, you can join our channel first,” accompanied by a link to a Telegram channel.

Inside the Telegram Channel

One recipient, as well as this reporter, was contacted by an X account with a seemingly random username, @JerelLayce88010. The provided link leads to a Telegram channel administered by an individual identifying as “Jack,” represented by an AI-generated pirate avatar.

Jack directly inquired about the recipient’s expertise in penetration testing.

The Scope of the Operation

The objective, as articulated by Jack, is to acquire webshells from domains registered in China. There are no specific targets; any website with a Chinese domain registration is considered within the scope of the operation.

“You need to understand China’s CMS,” Jack stated, referencing content management systems, the software powering website backends. “Find loopholes, and be able to obtain webshells in batches. There is no upper limit to the number we need. The more the better. This is a long-term job. We can establish long-term cooperation.”

The Motivation: Chinese Traffic

When pressed for the rationale behind this endeavor, Jack’s response was succinct: “What I need is China’s traffic.” Further questioning elicited little additional clarity.

Jack then issued a test assignment, requesting three webshells from Chinese domains as proof of skill, offering $100 per compromised site.

Conflicting Claims of Affiliation

Despite repeated inquiries regarding the organization behind this operation, Jack provided inconsistent answers. Initially claiming affiliation with the Indian government, Jack later attributed this to a translation error, stating that Chinese is their native language.

Reactions from the Cybersecurity Community

Several researchers who received similar messages expressed bewilderment. No malicious links or indications of doxing or scam attempts were reported.

“I am guessing it’s a troll rather than some serious threat actor,” commented s1r1us, a security researcher. “If they want to hire top talent this is not definitely the way.”

Expert Analysis

The Grugq, a prominent cybersecurity expert, described the recruitment campaign as unprecedented. “I have seen [people] asking dumb questions and spamming for various cybersecurity-related things,” he said. “But never anything like the persistent, widespread, bizarre s— from this guy.”

The Grugq theorizes that the ultimate goal may be to distribute malware within China, as utilizing Chinese domains for DDoS attacks or spam would not justify the substantial financial incentive.

Unanswered Questions

“I really can’t think of wtf they’re doing,” The Grugq concluded. “It makes no sense.”

The purpose of this operation remains unclear, leaving the cybersecurity community puzzled and Jack’s intentions shrouded in mystery.
