Monday, September 26, 2016

Wooyun Chinese Vulnerability Reporting Platform Shut Down

Wooyun, the website for China’s largest vulnerability hunting and reporting community, was shut down in July 2016, and its founder Fang Xiaodun and other website personnel were reportedly arrested.  The immediate cause seems to be a complaint from a corporate target whose data was “stolen” by a vulnerability hunter who reported the vulnerability through Wooyun. Other Chinese reporting indicates that Chinese corporations had become frustrated with white-hat hackers for exposing their system vulnerabilities, and the Wooyun community became a focus of this frustration. The arrests indicate a shift in government attitude, perhaps because of corporate pressure, and vulnerability hunting may be entering a period of pushback from both government and the Chinese business community.

Publication date:                         23 Sep 2016

Handling requirements:               Traffic light protocol (TLP) AMBER.

Attribution/Threat Actors:           Chinese State Actor

Actor Type:                                  Adversary capabilities have been assessed as Tier IV.*

Previous Reporting:                      None

Industries Targeted:                     Chinese Information Security

*Criminal or state actors who are organized, highly technical, proficient, well-funded professionals working in teams to discover new vulnerabilities and develop exploits.

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or

About Wapack Labs

Wapack Labs, located in New Boston, NH is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serve as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.