Two Individuals Associated with China's Salt Typhoon Hacker Group Reportedly Trained at Cisco Academy

A worldwide initiative dedicated to teaching fundamental IT networking skills opens doors to students everywhere. This program believes in the power of education to level the playing field, enabling individuals to gain expertise and chart their own courses in the digital age.

However, the path chosen by some students appears to lead them to involvement in a major Chinese state-backed hacking campaign targeting Western interests—and primarily .

This surprising development was uncovered by Dakota Cary, a cybersecurity researcher with SentinelOne and the Atlantic Council. He is part of a community of analysts monitoring a notorious Chinese government-sponsored hacking entity. This group rose to infamy by infiltrating numerous telecom networks, subsequently enabling surveillance on live communications of notable figures such as past candidates for the US presidency.

Cary has traced some of the Salt Typhoon affiliates' cyber skills to their participation in a Cisco training competition. He identified two individuals, Qiu Daibing and Yu Yang, as partial owners of companies associated with Salt Typhoon. Records show that people bearing these names had previously excelled in the Cisco Networking Academy Cup, demonstrating proficiency acquired through the Cisco Networking Academy.

Cary remarks on this unusual link, illustrating the irony of transitioning from a corporate-sponsored educational setting to orchestrating cyberattacks against the same company. Two alumni of this Academy moved on to play roles in an espionage operation targeting telecommunications at an unprecedented scale.

Responding to inquiries, Cisco reiterated its dedication to equipping individuals with essential technological skills. Since its establishment in 1997, the Cisco Networking Academy has educated millions across the globe, its reach unhindered by geographic boundaries.

Despite the Academy's general focus, rumors persist of it offering courses on ethical hacking, penetration testing, and vulnerability analysis. It's unclear if Qiu and Yu were exposed to such curriculum.

The trail of Qiu and Yu surfaced again in a university posting from Southwestern Petroleum University located in China's Sichuan province. In 2012, a record states, these names were among those who secured top spots in the Cisco competition within China.

Further online exploration revealed a LinkedIn profile for a Qiu Daibing from Sichuan linked to Southwestern Petroleum University, listing Ruijie Networks as an interest—a company intriguingly similar to Salt Typhoon’s linked firms.

To evaluate the likelihood of name coincidences, Cary consulted Yi Fuxian, a Chinese demographics expert. While Qiu Daibing is a less common name in China, Yu Yang appears more frequently. Yet, both names appearing together suggests a strong case against mere coincidence.

WIRED attempted to contact these individuals using Qiu's LinkedIn and an email affiliated with a company linked to Salt Typhoon, but received no reply.

Cary’s hypothesis that these men were shaped in the Cisco Academy doesn’t necessarily indicate security flaws within the program. Instead, it underscores a challenge in today's global landscape where technological training—and products—are accessible internationally, including to potential threats.

Furthermore, the irony is noted by Cary in light of China's reported efforts to replace foreign technology with domestic products in their infrastructure. "If China is actually phasing out these products from their networks, as reported, then who persists in acquiring knowledge of these systems?" he posits.

John Hultquist from Google's Threat Intelligence Group highlights China's decreasing transparency with the international cybersecurity community, such as discouraging disclosures from Chinese researchers globally.

"It's as though we've been told that participation will not be matched by them," remarks Hultquist on China's approach. "Our initiatives assist them, yet the exchange feels one-sided."