Between late 2024 and early 2025, the United States government issued indictments or sanctions against three Chinese information security firms – i-SOON, Sichuan Silence, and Integrity Tech – alleging their support for or links to malicious cyber groups targeting US government and critical infrastructure systems.
In this talk, Mei Danowski and Eugenio Benincasa discuss their research in which they found that all three companies serve as a key seedbed for nurturing China’s offensive cyber talent with cyber range services, which train cybersecurity professionals through “attack-defense live-fire” (攻防实战) exercises.
The speakers explain how, alongside hacking contests and crowdsourced bug bounty programs, attack-defense live-fire exercises are one of the primary mechanisms leveraged by the Chinese government to enhance its cyber capabilities, with support from a rapidly growing private cybersecurity industry with more than 4000 products and services providers.
The presentation goes on to focus on the development of attack-defense exercises and commercial cyber ranges in China, areas that have received relatively little attention to date, examining how this ecosystem shapes China’s offensive cyber capabilities.
The presentation is based on an upcoming research report that draws on Chinese-language sources – including company directories, public business data, job postings, university websites, and interviews in obscure publications – to map China’s cybersecurity industry. This unique talk discusses 120 companies identified as providers of attack-defense exercises and cyber range services, and profiles several of these key companies to assess their role in supporting state-linked cyber operations.
About the Authors
Mei Danowski is co-founder and principal of Natto Thoughts, a provider of cyber threat intelligence research and analysis with a specialization in geopolitical, economic, social, cultural, and linguistic perspectives. Mei’s research areas include strategic threat intelligence and East Asian political, military, economic, and strategic affairs.
Eugenio Benincasa is a Senior Cyberdefense Researcher at the Center for Security Studies (CSS) at ETH Zurich. Prior to joining CSS, Eugenio worked as a Threat Analyst at the Italian Presidency of the Council of Ministers in Rome and as a Research Fellow at the think tank Pacific Forum in Honolulu, where he focused on cybersecurity issues.
About LABScon
This presentation was featured live at LABScon 2025, an immersive 3-day conference bringing together the world’s top cybersecurity minds, hosted by SentinelOne’s research arm, SentinelLabs.
Keep up with all the latest on LABScon here.
