China has developed its own distinct software ecosystem, with few parallels in the West. The best-known example is WeChat, owned by Tencent. WeChat has over a billion users, making it one of the most popular apps in the world. While WeChat's services are plentiful, ranging from instant messaging to payment transfers, real-time location sharing and more, WeChat has remained largely domestic in its orientation. Its users are almost exclusively mainland Chinese; the rest are mostly overseas Chinese and people with business ties to China. QQ is another Chinese app which, unlike WeChat, is used exclusively for instant messaging.

Even though these apps are monitored and censored by the government, many Chinese-speaking threat actors use them as the main platform for their activities. While China routinely blocks malicious content, the scope is proving too great to handle. This may also be why most Chinese threat actors allow themselves to operate on the open web rather than the dark web.

In dark net forums, on the open web and on apps such as Telegram, Chinese threat actors regularly reveal their QQ and WeChat contact information. For some, it is their main platform of operation. They may open private accounts for direct, one-on-one business dealings, or they may join a group in order to gain community support and a larger flow of business. In addition, WeChat also provides ways to advertise oneself through announcement pages.

The illegal activities of these actors pose a threat to both Western and Chinese entities, but the latter is more prominent, as many of these actors do not speak English and are not very interested in global reach. Most of the global activity concerns illegal gambling and the drug trade in South-East Asia (especially Cambodia and the Philippines), as well as carding against Western countries or Western banks operating in China and Asia. Hacking services, malware and other malicious software are prominent and threaten both Chinese and Western entities. Database theft and trade are also present but mainly threaten private Chinese citizens and businesses. Threats to Chinese entities stem mainly from carding, database trading, drug trafficking and a huge underground gambling industry. Another large illegal business is hacking rival Chinese e-commerce businesses in order to disrupt their operations and gain a competitive advantage, a consequence of the extremely competitive environment.

The illegal transactions are usually paid through WeChat Pay and Alipay, transferred from one party's WeChat wallet to the other's. It is quick and convenient and, if the sums transferred are not too large, also safe from government supervision.


By Ori Rubinstein, Cyber Threat Intelligence Analyst at Sixgill