Between late 2024 and early 2025 the U.S. government issued indictments or sanctions against three Chinese information security firms—i-SOON, Sichuan Silence, and Integrity Tech—alleging their support for or links to malicious cyber groups targeting U.S. government and critical infrastructure systems. At LABScon 2025 Mei Danowski and Eugenio Benincasa presented research showing these firms and a broader private cybersecurity industry provide commercial cyber ranges and “attack-defense live-fire” exercises that nurture China’s offensive cyber talent and support state-linked operations. #i-SOON #IntegrityTech
Keypoints
- The U.S. government issued indictments or sanctions against i-SOON, Sichuan Silence, and Integrity Tech for alleged links to malicious cyber activity targeting U.S. government and critical infrastructure.
- Researchers found these companies operate or support commercial cyber ranges and “attack-defense live-fire” (攻防实战) exercises that train cybersecurity professionals in offensive and defensive techniques.
- The presentation argues that attack-defense exercises, alongside hacking contests and crowdsourced bug bounty programs, are primary mechanisms used to develop China’s offensive cyber capabilities.
- The private cybersecurity industry in China is large and growing, with the research noting more than 4,000 products and services providers that feed into the ecosystem.
- The report maps 120 companies identified as providers of attack-defense exercises and cyber range services and profiles several key firms to assess their roles in state-linked operations.
- The research draws on Chinese-language sources—company directories, public business data, job postings, university websites, and niche interviews—and was presented by Mei Danowski and Eugenio Benincasa at LABScon 2025 hosted by SentinelLabs.
MITRE Techniques
- [None ] No specific MITRE ATT&CK technique identifiers are mentioned in the article; the text discusses training formats and cyber range services rather than named ATT&CK techniques — ‘attack-defense live-fire’ exercises and commercial cyber ranges are the focus.
Indicators of Compromise
- [None ] The article does not provide technical IOCs such as IP addresses, file hashes, domains, or filenames; it references company names and industry activity instead (i-SOON, Sichuan Silence, Integrity Tech).