APT17

APT17 is identified as a cyber-espionage group that operates with a direct link to the Jinan bureau of China's Ministry of State Security. The group’s primary activity consists of conducting on-demand hacking operations for the ministry’s intelligence objectives. These operations are carried out by individuals who work as contractors for the ministry, based in Jinan. APT17’s focus is on gaining unauthorized access to computer systems to collect sensitive information.

The group’s distinguishing attribute is its explicit sponsorship by a state security apparatus, which sets it apart from financially motivated cyber criminal entities. Its exposure by the anonymous collective Intrusion Truth in 2010 revealed the identities of three contractors alleged to perform the hacking work. This disclosure followed Intrusion Truth’s earlier doxing of other Chinese state‑linked groups, APT3 and APT10, which had resulted in U.S. Department of Justice indictments. The APT17 case reinforced the observed pattern of Chinese state‑sponsored cyber activity, demonstrating that such operations persist despite public naming and legal actions. Chinese hacking activities have reportedly continued even after previous indictments and naming efforts, indicating the resilience of these state‑backed efforts. The exposure of APT17 was detailed in a Zdnet article that described the group's ties to the Jinan bureau.