Rethinking APT Attribution: Dakota Cary on Chinese Contractors and Espionage-as-a-Service

Three Buddy Problem - Episode 56: China-focused researcher Dakota Cary joins the buddies to dig into China’s sprawling cyber ecosystem, from the HAFNIUM indictments and MSS tasking pipelines to the murky world of APT contractors and the ransomware hustle. We break down China’s “entrepreneurial” model of intelligence collection, why public visibility into these threat actors is so hard to get right, and how companies like Microsoft get caught in the geopolitical crossfire.

Plus: a deep dive on suspected MAPP leaks and Sharepoint zero-days, Singapore targeted by extremely sophisticated China-nexus hacking group, soft censorship in corporate threat-intel, and whether the U.S. should rethink how it fills its intelligence gaps.

Cast: Dakota Cary, Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

• Transcript (unedited, AI-generated)
• Dakota Cary on LinkedIn
• China’s Covert Capabilities -- Silk Spun From Hafnium
• HAFNIUM-Linked Hacker Xu Zewei: Riding the Tides of China’s Cyber Ecosystem
• Microsoft Probing Whether Chinese Hackers Found Flaw Via MAPP
• Cybersecurity Law of the People’s Republic of China
• Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
• Fire Ant: Hypervisor-Level Espionage Targeting VMware ESXi & vCenter
• Singapore actively dealing with ongoing China cyberattack
• Iranians Targeted With Spyware in Lead-Up to War With Israel — all inside Iran and working either in the country’s technology sector or for the government.
• LABScon 2025
• Apple in China (book)