Between January and March 2025, the United States indicted or sanctioned individuals and companies linked to Chinese state-sponsored threat actors known as APT27, Red Hotel, and Flax Typhoon – labels used by cybersecurity researchers to group entities with similar tactics. Many of the individuals behind these groups trace their roots to an earlier community of elite hackers known as ‘red hackers’ or ‘Honkers’, active in online forums during the mid-1990s and 2000s. Over the following two decades, these Honkers evolved from informal hacker collectives into key architects of China’s cyber apparatus. Many founded security startups, helped build cybersecurity teams at major tech firms such as Baidu, Alibaba, Tencent, and Huawei and helped shape a cybersecurity market driven by attack-defence capabilities. Today, these capabilities likely serve as key enablers of China’s advanced persistent threat (APT) groups, as cyber operations are increasingly carried out through private-sector proxies.
The 40 ‘Red Hackers’ Who Shaped China’s Cyber Ecosystem | Royal United Services Institute
