Back to Home

Shenzhen User Association (SZCUA) announced its desire to buy undocumented vulnerabilities in iOS and Android

China · SZCUA · information security · vulnerabilities · 0day

Shenzhen User Association (SZCUA) announced its desire to buy undocumented vulnerabilities in iOS and Android



    A number of Russian companies working in the field of IT security have received an offer to sell information on undocumented vulnerabilities in iOS and Android, as well as various browsers and other software, the Kommersant newspaper reports with reference to its sources in Russian companies.

    Potential buyers, according to them, are representatives of SZCUA - the ShenZhen Computer Users Association, represented as the Chinese association of large IT companies. SZCUA allegedly includes organizations such as Kingdee International Software Group and China Greatwall Computer Shenzhen Co. Theoretically, in the future, undocumented vulnerabilities that SZCUA representatives are looking for can be used to conduct cyber attacks by government hacker groups.

    The main sales representative of SZCUA is a certain Robert Nevsky, who turned to Russian companies working in the field of information security with a proposal of "cooperation".

    “We are interested in buying zero-day vulnerabilities. We are interested in os / cms / app / software / modems / office / browsers. Especially interesting at the moment are IE / modem / Android / iOS. Price depends on the product. In the first transaction, the price threshold does not exceed $ 100 thousand (the price is being discussed). Payments in three stages, the first - before receiving the product, the second - after receipt and appropriate verification, and the third - after two or three months to ensure that the exploit has not been made public, ”Nevsky quotes in one of Kommersant’s correspondence.

    As it turned out, this is not the first attempt of this organization to get data on vulnerabilities in various software. In 2015, the association tried to make the same offer to a number of information security experts from the UK. Then the screenshots of the correspondence got on Twitter. Letters were sent from the mailbox in the [email protected] organization domain.

    When requesting clarification about the actions of the association in this direction, SZCUA officials said that they had nothing to do with the search for exploits and were not involved in such matters.

    Kommersant found Robert Nevsky’s profile on LinkedIn . According to the information posted there, he has been working for the company since June 2016, when the first letters to companies specializing in information security began to arrive in August. In the social network Vkontakteand the Twitter microblogging service , user accounts were found that were several signs similar to those mentioned in the publication by Robert Nevsky, who is represented by a SCZUA sales representative. The link to “Twitter” is indicated in the user profile in VK.

    The earliest “ascent” of SZCUA was recorded in 2014. Then the user of Twitter posted a screenshot with a letter, which also offered to sell information on vulnerabilities to the "largest Chinese computer user association":


    In the same tweet thread a year later (in 2015), another user posted a screenshot of the letter from another e-mail with a similar sentence:


    Although SZCUA has been absolutely absolutely leading its activities since 2014, in reality many questions arise for this organization.

    According to the who.is official domain , the domain manager’s contact is a room in the Museum of Science (Address: Room 203, Information Security Assessment Center across the street from Civic Center, Futian District, Shenzhen North Gate Zip / Postal Code: 518031). The domain was registered in 2007 and paid until 2017. In addition, the domain information was last updated on May 26, 2016, and judging by the profile of Nevsky, he has been working with the company since June 2016. The mailing address for feedback on who.is is the box [email protected]. 126.com is a free Chinese email hosting service.

    There were two more profiles on LinkedIn ( 1 ,2 ) SZCUA employees. It is not possible to find any additional information about SZCUA, which supposedly includes large Chinese IT companies, besides their own site and blog , which, at first glance, is filled with real content and visited by real people, on the Web.

    All this, coupled with updating the domain information and the resumption of SZCUA activity in a few days by Robert Nevsky, suggests that the organization is most likely a banal “screen” with a fairly long history. But the “screen” for anyone: a fraudster or representatives of Chinese law enforcement agencies is an open question.

    Read Next