{ "id": "db627524-7845-4735-b0a1-296a55e5b55d", "created_at": "2026-04-06T00:13:34.692654Z", "updated_at": "2026-04-10T13:12:03.530996Z", "deleted_at": null, "sha1_hash": "9efc6b041a2b54ee2b3bca3007c06b0e5b260f34", "title": "Who is Mr Gu?", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 1675936, "plain_text": "Who is Mr Gu?\r\nBy intrusiontruth\r\nPublished: 2020-01-10 · Archived: 2026-04-05 16:05:14 UTC\r\nIn our previous articles we identified thirteen companies that this blog knows are a front for APT activity in\r\nHainan. Following further analysis, we noticed a close association between these Hainan front companies and the\r\nacademic world. Multiple job adverts for the the companies are posted on university websites. Hainan Xiandun\r\neven appears to operate from the Hainan University Library!\r\nHainan Xiandun registration details showing Hainan University library as its address\r\nGu Jian\r\nThis company summary for Hainan Xiandun also provides a contact number: 13907545649. Cross-referencing\r\nthis partial phone number and Hainan, we identified Gu Jian (顾剑) is a Computer Science specialist at Hainan\r\nUniversity. We found Gu’s name and phone number in this list of projects on the Hainan University website.\r\nList of  Hainan University project titles linking 13907545649 to Gu Jian\r\nHere is Gu’s CV:\r\nhttps://intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu\r\nPage 1 of 5\n\nGu Jian’s CV\r\nAnd here is his biography from his web page at Hainan University’s website showing his work history and\r\ninterests, including as a former member of the People’s Liberation Army.\r\nGu Jian’s University biography\r\n“[Gu Jian] worked as an educated youth, a PLA soldier, an officer of the Political Department of the\r\nProvincial Military Region, a senior engineer of a state-owned enterprise, and a Chinese employee\r\n(technical director) of the French representative office of the French company BULL.”\r\nGu Jian, a Professor in the Information Security Department and former member of the PLA is now the contact\r\nperson for an APT front company which itself is linked to twelve other front companies.\r\nHainan Xiandun Information Security Technology Competition\r\nMr Gu is closely involved with Hainan Xiandun. In September 2013, he posted on the Hainan University online\r\nforum about “The 2013 Hainan Network Information Security Technology Competition” saying that teams could\r\nenter and that there would be prizes. The posting indicated that more detail was available on xdaqjs[dot]com. This\r\nhttps://intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu\r\nPage 2 of 5\n\ndomain is an acronym from the Pinyin for Xiandun Security Competition Final (XianDun AnQuan JueSai – 仙盾\r\n安全决赛).\r\nThese links between Hainan Xiandun and Hainan University are seen again on the internal Hainan University\r\ndiscussion forum. A user name “xdaqjs” posted to encourage students from any specialism and in any year with an\r\ninterest in cyber security to attend a session hosted by Hainan Xiandun in the auditorium of the information\r\ntechnology department on 9 September 2013.\r\nThe competition ran again in 2016, still using xdaqjs as a title.\r\nxdaqjs[dot]com\r\nMr Gu was not just advertising this competition for a company that he was involved in, he registered the domain.\r\nhttps://intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu\r\nPage 3 of 5\n\nPassword cracking\r\nA link to the malicious activity of the front companies can be seen when reading discussion forums about xdaqjs.\r\nIndividuals purporting to represent the site offered large sums of money to people with password cracking skills\r\noutside the ordinary range of dictionary attacks and brute force.\r\nIndividuals from xdaqjs offer money for password cracking skills\r\nThe opening post reveals that Mr Gu is seeking new ways of cracking passwords. The poster is aware of the\r\ncommon techniques, for example brute force or dictionary attacks, but is seeking new alternatives.\r\nWhat makes this interaction increasingly strange though, is that a student posting on this thread said that Mr Gu is\r\ninexplicably wealthy and is offering a large amount of money to people able to provide new and inventive ways of\r\ncracking passwords. The original text is telling:\r\n“Haha, I only want to know are these things actually crackable… From what I know about our teacher, he doesn’t\r\nwaste his words. Our teacher says if no-one can crack it this time, then he’ll increase the money on offer, 200,000,\r\n300,000, 500,000 RMB.\r\nP.S. Believe it or not, our teacher has a lot of money…”\r\nMr Huang\r\nhttps://intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu\r\nPage 4 of 5\n\nThe Dean of Mr Gu’s faculty is CCP member Huang Mengxing (黄梦醒). The questions we should ask are: How\r\nwell does Huang know Gu? Does he know about his department’s support for front companies for APT activity?\r\nMost importantly, if he knew then should he have stopped it?\r\nIn summary, Gu Jian, a former member of the PLA is an academic specialising in Information Security at\r\nHainan University. He is also listed as the contact person for Hainan Xiandun, one of a network of front\r\ncompanies for APT activity.\r\nDiscover more from Intrusion Truth\r\nSubscribe to get the latest posts sent to your email.\r\nSource: https://intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu\r\nhttps://intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia", "MISPGALAXY" ], "origins": [ "web" ], "references": [ "https://intrusiontruth.wordpress.com/2020/01/10/who-is-mr-gu" ], "report_names": [ "who-is-mr-gu" ], "threat_actors": [], "ts_created_at": 1775434414, "ts_updated_at": 1775826723, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/9efc6b041a2b54ee2b3bca3007c06b0e5b260f34.pdf", "text": "https://archive.orkl.eu/9efc6b041a2b54ee2b3bca3007c06b0e5b260f34.txt", "img": "https://archive.orkl.eu/9efc6b041a2b54ee2b3bca3007c06b0e5b260f34.jpg" } }