Menu
Browse

Cyber Threat Actor: Two Students

Actor Type Location Known Incidents
 Icon
Criminal
China
0 incidents
Profile

The threat actor known as Two Students consists of two individuals identified in public reporting as Chen and Zhang, who operated from Shanghai’s Songjiang District in China. They used the alias Two Students when advertising their services to peers. Their activity was directed at the educational sector, specifically targeting a college website that housed student grade information. By exploiting a vulnerability in the site they gained unauthorized access to the underlying database and altered physical education scores. The primary motivation observed in the reporting was financial, as they charged fellow students a fee for each grade modification they performed. They offered the service at a rate ranging from fifteen to twenty yuan per change, which attracted demand from two hundred classmates. The income generated from this scheme amounted to approximately eighty thousand yuan before the school detected the alterations. No indication of espionage, political motivation, or disruptive intent appears in the source material.

The actor’s tactics involved direct web application hacking rather than the deployment of malware or specialized toolkits, with the initial access vector described as exploiting a security hole in the college’s website. Once inside, they manipulated existing grade records without installing persistent software or leaving behind identifiable malware families. Attribution to a state sponsor or criminal organization is not supported by the publicly available facts; the individuals were apprehended by local police after the institution reported the irregularities and investigated the breach. The operation represents a discrete campaign in which the two students monetized unauthorized access to an academic system, providing a concrete example of profit‑driven insider‑threat activity within a Chinese higher‑education environment. The case was resolved when the school corrected the vulnerability and law‑enforcement took custody of the suspects.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
1 source