{"id":660154,"date":"2025-04-02T13:50:17","date_gmt":"2025-04-02T10:50:17","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/someone-is-trying-to-recruit-security-researchers-in-bizarre-hacking-campaign\/"},"modified":"2025-04-02T13:50:17","modified_gmt":"2025-04-02T10:50:17","slug":"someone-is-trying-to-recruit-security-researchers-in-bizarre-hacking-campaign","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/someone-is-trying-to-recruit-security-researchers-in-bizarre-hacking-campaign\/","title":{"rendered":"Someone is trying to recruit security researchers in bizarre hacking campaign\u00a0"},"content":{"rendered":"
\n

Are you willing to hack and take control of Chinese websites for a random person for up to $100,000 a month?\u00a0<\/p>\n

Someone is making precisely that tantalizing, bizarre, and clearly sketchy job offer. The person is using what looks like a series<\/a> of fake accounts with avatars displaying photos of attractive women and sliding into the direct messages of several<\/a> cybersecurity<\/a> professionals<\/a> and researchers<\/a> on<\/a> X<\/a> in the last couple of weeks.\u00a0<\/p>\n

\u201cWe are recruiting webshell engineers and teams to penetrate Chinese websites worldwide, with a monthly salary of up to $100,000. If you are interested, you can join our channel first,\u201d read the message, which included a link to a Telegram channel.<\/p>\n

For some reason, I also received this message from an X account named \u201cLook at my homepage,\u201d which had a username, @JerelLayce88010, that looked like it was randomly generated.\u00a0<\/p>\n

When I followed the link, I was able to see the admin of the channel, someone who goes by the name \u201cJack\u201d and has an AI-generated avatar of a pirate.\u00a0<\/p>\n

\u201cAre you proficient in penetration technology<\/a>?\u201d Jack asked me.\u00a0<\/p>\n

I am not, but I asked Jack to tell me more about their goals.\u00a0<\/p>\n

\u201cGet webshells from Chinese registered domains. There is no specific target. As long as the domain is registered in China, it is our target range,\u201d said Jack, referring to web shells<\/a>, programs or script<\/a>s that hackers can use to control hacked web servers. \u201cYou need to understand China\u2019s CMS\u201d \u2014 referring to content management systems, the software that runs the backends of websites \u2014 \u201cfind loopholes, and be able to obtain webshells in batches. There is no upper limit to the number we need. The more the better. This is a long-term job. We can establish long-term cooperation.\u201d<\/p>\n

Yes, but crucially, why?<\/p>\n

\u201cWhat I need is China\u2019s traffic,\u201d Jack said, perhaps losing patience with my questions.\u00a0<\/p>\n

OK, but for what?<\/p>\n

At this point, Jack definitely got tired of my questions and gave me an assignment: Get me three web shells on any domain registered in China so I know you have the skills. Generously, Jack offered me $100 for each hacked domain.<\/p>\n

Alas, I still don\u2019t have the skills to do that, nor the willingness to break the law. Instead I kept asking questions, including who Jack was working for. \u201cIndian government,\u201d Jack responded, although in a subsequent chat Jack contradicted that, blaming automatic translation, which they said they were using because Chinese is their first language.\u00a0<\/p>\n

I spoke to some of the researchers who got Jack\u2019s strange job offer, and they were also puzzled. Nobody said they have gotten a malicious link, for example, or suspicious questions that would indicate some sort of doxing or scam campaign.\u00a0<\/p>\n

\u201cI am guessing it\u2019s a troll [rather] than some serious threat actor,\u201d said s1r1us, a security researcher who received a DM from one of Jack\u2019s sockpuppet accounts on X. \u201cIf they want to hire top talent this is not definitely the way.\u201d<\/p>\n

The Grugq, a well-known cybersecurity expert, told TechCrunch that he has never seen anything like this recruiting campaign. \u201cI have seen [people] asking dumb questions and spamming for various cybersecurity-related things,\u201d he said. \u201cBut never anything like the persistent, widespread, bizarre s\u2014 from this guy.\u201d<\/p>\n

According to The Grugq, perhaps the goal is to infect people inside China with malware, as it doesn\u2019t make sense to use Chinese domains to launch DDoS attacks or spam, because that wouldn\u2019t justify the high payment.\u00a0<\/p>\n

\u201cI really can\u2019t think of wtf they\u2019re doing,\u201d The Grugq concluded. \u201cIt makes no sense.\u201d<\/p>\n

And neither can anyone else, apparently. Godspeed, Jack, in whatever adventure you are embarking on.<\/p>\n<\/div>\n

If you liked the article, do not forget to share it with your friends. Follow us on\u00a0Google News<\/a><\/span>\u00a0too, click on the star and choose us from your favorites.<\/span><\/strong><\/p><\/blockquote>\n

\n

If you want to read more like this article, you can visit our Technology<\/a><\/span> category.<\/strong><\/p>\n<\/blockquote>\n

Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Are you willing to hack and take control of Chinese websites for a random person for up to $100,000 a month?\u00a0 Someone is making precisely that tantalizing, bizarre, and clearly sketchy job offer. The person is using what looks like a series of fake accounts with avatars displaying photos of attractive women and sliding into…<\/p>\n","protected":false},"author":1,"featured_media":660155,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2025\/04\/hacker-question-chat.jpg?resize=1200,686","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[76978,4973,70375,70944,70513,72287],"class_list":["post-660154","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology","tag-cybercrime","tag-china","tag-cybersecurity","tag-hackers","tag-hacking","tag-security"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/660154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=660154"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/660154\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/660155"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=660154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=660154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=660154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}